Racing Ahead at the Speed of Retail
If you are in retail, then you probably know about NRF Retail’s Big Show 2017 happening January 15-17 in New York City. This year marks the 107th Big Show. That is not a typo, NRF (The National Retail Federation), the world’s largest retail trade association, has hosted this event 106 times before. Their annual Convention & EXPO earned the nickname “Retail’s BIG Show” years ago and because the name was so appropriate, it stuck. This year’s attendance is expected to surpass 33,000 industry professionals.
Published just ahead of that conference is Retail Information System’s (RIS) annual Store Systems Study: Racing Ahead at the Speed of Retail. HPE Security – Data Security is a proud sponsor for the third year in a row. This study marks the 14th year that RIS has published this study that examines coming trends and technological advances that impact retail operations, growth plans, budgets and technology purchases for 2017 and beyond.
Last year, the study noted that retailers were gradually leaving behind their traditional “channel mindset.” They instead are embracing transformative technologies that will ultimately enable them to streamline offerings and services to their customers regardless of channel. The authors calls this strategy “Unified Commerce,” and it is a major component of this study.
IT Spend on the Uptick
Interestingly, retailers plan to increase their overall IT spending for the coming year. Store IT spending, according to the study, will rise 4.7%, and exceeds enterprise IT spending for only the third time since 2010. This could be an indication that retailers have been busy getting their enterprise systems in shape for delivering Unified Commerce capabilities and now want to support their operations in the store, points out the study.
Investment in technology is on the rise, but only by a certain few. The Retail leaders that are racing ahead of the pack are doing it by fueling their growth through IT investments unmatched by mainstream retailers, resulting in a gap between IT-fueled leaders and laggards, points out the study.
The numbers are even bigger for Retailers that have plans for increasing their store count in 2017. They have a store IT planned spending rate that is 26% above the average. Enterprise IT spending for this group of retailers is also well above average at 40%, says the study. The Data Security team is working with leading Retailers to ensure that data security is part of that IT spend. According to the Ponemon Institute 2015 Global Study on IT Security Spending & Investments, IT security practitioners do not have the budget to deal with cyber threats. In fact, 50 percent of respondents to the Ponemon study say their security budgets are flat or actually declining over the next two years. Let’s hope retailers heed this study and beef up security of financial data and protect consumer’s sensitive data.
Is everyone EMV compliant yet, asks the study rhetorically? EMV, or Europay, Mastercard and Visa, is a global standard for cards equipped with computer chips and the technology used to authenticate chip-card transactions. Unfortunately, EMV payment technology is still a huge part of the retailer’s security budget and it is continuing to expand. A big part of the reason, according to the study, is the backlog of solution and vendor certification.
Last year 59% of retailers said they had tried and failed to meet the October 2015 deadline and 38% blamed card issuers as the bottleneck. Only 18% of retailers claimed to have made the deadline. Now, a year later (when all but fuel retailers are supposed to be EMV compliant), retailers say they plan to increase their 2017 spending on EMV by an average of 4.8%, according to the study.
With its advanced cryptographic features, EMV makes the creation of fraudulent payment cards very difficult. Chip card transactions offer advanced security for in-store payments by making every transaction unique. Chip cards are also much harder to counterfeit or copy. EMV transactions give retailers the assurance that they are accepting card payments from their rightful owner.
Unfortunately, EMV transaction security ends there. EMV does not protect payments data in transit from the Point of Sale device (POS) to the card networks. The sensitive card-holder data contained on the card remains vulnerable to theft once it leaves the POS or other payment acceptance device. It is this gap that has been repeatedly exploited in the majority of retail data breaches the market has seen to date.
The study also points out, as previously predicted, that while credit card fraud has decreased in stores for card-present transactions, since the EMV deadline last year, it has increased 325% for online fraud, where EMV technology is meaningless. Our Data Security marketers and sales experts have been working tirelessly to educate retailers on how they need to go beyond EMV technology to protect their sensitive card holder data in ecommerce and mobile applications to neutralize the effects of data breach if it does happen, as it inevitably will.
Top Priorities for 2017
The study also gave the results of retailer’s top priorities, a staple of past studies. The top two priorities are upgrading customer loyalty programs and customer data. Again, we here at Data Security can’t help but point out that these top priorities deal with data, specifically the collection of customer data, which typically includes highly sensitive Personally Identifiable Information (PII) as well as the customer’s Payment Card Industry (PCI) data. With the advanced cyber threats that are prevalent today, it’s becoming increasingly dangerous for organizations to deploy new technologies and processes, and then reactively or retroactively address data security in the ecosystem. Data Security needs to be built into IT processes from the start.
For more in-depth information, expert analysis and benchmark data pertinent for retailers, download the 14th Annual Store Systems Study and benchmark your efforts against the industry’s tech leaders.
Coming to NRF? Join Us for Cocktails!
And if you are coming to NRF, look for the Data Security team at their customer reception at Clyde Frazier’s Wine and Dine, Monday, January 16, 5:30-7:30 PM. Join them for a cocktail reception and an evening of networking, drinks and hors d’oeuvres. Our Security experts will informally share stories, experiences and insights from what they are seeing in the market and how HPE Security – Data Security can protect your payment data with our innovative, data-centric, standards-based payment technologies. Please register here, space is limited.