While it might be a bit premature to write a eulogy for brick-and-mortar stores, there is no denying the fact that e-commerce or e-retail has now become an integral part of our daily lives. Inevitably, the COVID-19 pandemic and the associated social distancing norms and health and safety concerns have accelerated the shift towards digital adoption across industries and businesses.
Today, most people prefer to conduct nearly all their retail activities, whether it is buying vegetables or clothes, online. This has also resulted in significant growth in retail e-payments since the ability to accept payments digitally has become critical for retailers.
At the same time, retail e-payments are also a common target for hackers. This is because the industry houses customers’ personally identifiable information (PII) along with the payment data required to complete transactions. As the industry grows, so does the threat of cyber-attacks. Thus, the industry now needs to assess the threats related to cybersecurity and proactively implement the most viable solutions.
Cybersecurity at the helm
In retail payments, cybersecurity and fraud prevention are paramount since any compromise on security would have widespread ramifications on customers and the business. For example, a data breach would definitely have an impact on the customers. However, it would also have a big impact on the brand and lead to an erosion of trust.
Over the long term, this could cost the firm its customers as well as revenues. Further, it has been observed that if these incidents are sporadic and do not attract enough media attention, then businesses often sit on the fence with respect to making the necessary cybersecurity investments. They tend to look at the net cost of the fraud/security breach versus the investments required to proactively prevent such incidents in the future. Unfortunately, this is a very myopic view that could cost the firm dearly in the long run.
Implementing the right cybersecurity solutions
Largely, cybersecurity deals with establishing defensive moats around your organisation to safeguard the company’s data and fortify it in case of cyber-attacks. There are primarily two aspects of cybersecurity:
i. Implementation of state-of-the-art solutions in the data centres, terminals/touch points, and operations centres: Security solutions are implemented in the data centre as well as across the overall technology stack, including processing applications, terminal software, etc., largely because of regulatory advisories or mandates.
To that extent, only the bare minimum is being done. Very few businesses and institutions operating retail payment systems actually take proactive measures to mitigate the chances of a security breach or fraud incident. Moreover, with the exception of businesses that have actually fallen victim to such incidents, most others treat this simply as another tick in the box. This is primarily because, when the cost of cybersecurity solutions is viewed against the return on investment (ROI), the solutions do not make a compelling case. As a result, companies inadvertently choose to be vulnerable.
ii. Educating the participants of payment systems such as operations staff, users, etc.: Educating the users is another challenge since it requires continuous efforts/refreshers through effective communication. There are many payment options and solutions available today, and consumers can choose to adopt one or many of them. However, the security practices that need to be adopted by the user might differ from one payment option to another. Thus, the user needs to be educated accordingly. It may sound a bit radical, but ethical hacking can also be effectively used to educate customers.
For example, it could be leveraged to create a dummy hack, thereby apprising the user of the consequences of not following the required security practices. Such experiences can prepare them for the long term and help them become more conscious about security.
At a more nuanced level, firms can use Artificial Intelligence or Machine Learning (AI/ML) solutions in combination with strong cryptography and key management processes to fortify the overall cybersecurity structure. The costs involved in the implementation of such solutions need to be evaluated against the long-term economic impact of not having these solutions. However, for several companies, the high cost of implementing such security solutions might not be viable for the business. Hence, industry players should be incentivised to adopt the best practices and security standards.
If the payments system is vulnerable, then people will no longer buy and sell. There will be no transactions. In addition to the financial damage to businesses and people, lax cybersecurity systems can also have a significant economic impact on the country. Thus, it is important for payment providers to expand their cybersecurity budgets and proactively implement the best solutions to ensure the steady growth of the industry as well as the economy.
The author, Ashish Mehta, is President – IT at AGS Transact Technologies Ltd. The views expressed are personal.