retailciooutlook

Encryption Equals Customer Service

By Prabash Coswatte, CIO, Vallarta Supermarkets, VSI

Prabash Coswatte, CIO, Vallarta Supermarkets, VSI

Retail Security is being squeezed between two trends—the rising cost of labor and the leveraging of technology. On one hand, the movement to increase the minimum wage is impacting retailers and their ability to manage their expenses. As brick and mortar stores compete with online retail, costs of labor to support physical locations is rising and integrating more technology into the brick and mortar locations helps reduce that expense. On the other hand, introducing more technology into the point of sales conduit increases exposure to security breaches. This is the challenge for the IT functions within the retail industry, looking for opportunities to reduce labor in the store while keeping a personal touch still in place and helping business partners meet their needs.

The rising cost of labor cannot be passed completely to the consumer. Products must be priced competitively and retail, especially for grocers, is a low margin market. The only way to survive is to look for greater efficiencies. One technology tool is the self-checkout kiosk which has been rising in prevalence over the past several years. Self-service eliminates the need for cashiers and allows one cashier to serve many lanes of traffic vs. one cashier per lane. Other method includes Amazon’s approach to no check out at all, using only your mobile phone to finalize your transaction.

As a mid-market retailer, Vallarta competes with other high end grocers such as Whole Foods or Sprouts. We combine technical options with customer service to give the customer a choice, either self-service or personal service. For example, the self-service lanes have a “fast-lane attendant” that provides customer service and cashiering on an “as needed basis.” Vallarta also operates a restaurant within their grocery stores which creates an additional point of sale conduit. Kiosks provide self-service ordering as well as personal cashiering providing customers the ability to again choose the level of customer service they desire.

More kiosks mean more credit card transactions and more required regulations to manage as captured data expands. There are ways to protect consumer privacy and provide strong security, however. Credit card transactions can be protected using PCI standards and point to point (P2P) encryptions to provide a strong, secure connection for the consumer. Though the retailer may want to capture personal information on their customers such as their phone number, email, or the even last four digits of their credit card number, that information is maintained separately from the actual credit card information. This separation of data makes it extremely difficult for a data breach to result in connecting the right credit card to the right consumer, a necessary step to achieve access to the card.

Also, many credit cards are made with internal “chips” to increase security; and outside of the U.S., the use of the chip card is accompanied by a personal identification number or PIN plus your signature. The entire card transaction is encrypted from the minute the care is inserted into the chip reader to the minute it transacts with your bank. If the strictest PCI standards are in place, it is highly unlikely the data can be breached. But this protection also involves a hardware expense—the “penpads” used to read the credit cards must be “chip enabled”. EMV—Europay, MasterCard, and Visa—is heavily used in Europe and is even stronger and already requires chip technology accompanied by a PIN. The perpetual challenge over the next few years will be balancing the expenses of technology with the need to enrich the customer service experience.

With the low margins of retail, every penny counts, which means an organization won’t do something, whether it is purchasing new hardware or upgrading to full compliance, unless it is absolutely necessary. But the customer relationship is vitally important—you only get one chance at winning that customer—and that one chance is right now. If a customer’s trust is lost, it takes a long time to regain it.

Retail Security Issue

FireEye [NASDAQ: FEYE]: Unlocking Deep Threat Intelligence