Blog contributed by Carlos Kizzee, Executive Vice President of Intelligence Operations & Legal Affairs, RH-ISAC.
eCommerce is central to modern life, and its share of the overall retail market is continuing to grow. Our customers trust us with huge amounts of personal information to make their transactions easier—we remember shipping addresses, payment methods, personal preferences, and much more. What happens when that data isn’t as safe as it should be?
RH-ISAC and The Media Trust are exploring some of the unexpected aspects of online retail in our series, 7 Crazy Things that Happen in your Online Store Every Day. The sixth piece in this series, “Crazy Things You Wouldn’t See in a Retail Store (Data Privacy),” focuses on customer data privacy and how it has become an increasingly important issue over the years, with major legislation like the CCPA and GDPR being passed to help protect that information. Retailers recognize the importance of this information, but there are some problems out in the wild.
Imagine walking into your physical store. You see an associate at the front door, greeting customers. He asks each customer what they’re looking for, what size they want, where they’d like their order shipped, and if they have any other preferences. He jots all the responses down and then leaves the clipboard sitting on a stool by the front door as he walks away. You continue to walk around the store, and circle around to the registers. The clerks are taking people’s credit cards, copying down the numbers, expiration dates, associated addresses, security codes; and they too are leaving that information sitting on the counter for all to see.
Leaving customer information lying around where anyone with malicious intent could scoop it up and walk away sounds crazy, right? But in effect, this kind of thing can happen more regularly than you might expect in eCommerce if retailers don’t protect their customer data as rigorously as they should. The failure to protect customer data is not just a violation of many regulations; it can also pose a significant loss to your business. Protecting your customers’ information is absolutely critical to maintaining your brand cachet and customer trust.
Luckily, protecting your customers’ info is within reach of the modern retailer:
- Continuously monitor your site, particularly sensitive pages, carts, and checkouts, for any data collection activity. As with so many vulnerabilities facing retailers, third parties are often an attack vector here.
- Carefully monitor for data exfiltration. If you’re seeing any data being removed that you’re not expecting, you could have a problem. How much information about your customers are third parties keeping for themselves?
- Set up agreements and policies with your third parties and vendors to govern the collection, exfiltration, and use of data from your site.
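
To make the monitoring steps above concrete, here is an added example (not code from RH-ISAC or The Media Trust) that audits HAR-style request records captured from a synthetic checkout session and reports every non-first-party host that received a canary customer value. The hostnames, canary values and approved-vendor list are constructed assumptions.

```javascript
// Added example: audit requests captured from a synthetic checkout session.
// Hostnames, canary values and the allowlist are constructed for illustration.
const FIRST_PARTY = "shop.example";
const APPROVED_THIRD_PARTIES = new Set(["pay.processor.example"]);
// Canary values typed into the checkout form by the test session.
const CANARIES = { card: "4111111111111111", email: "canary@shop.example", zip: "90210" };

const b64 = (s) => Buffer.from(s, "utf8").toString("base64");
// Forms a value commonly takes in a URL or body. Other encodings are not covered.
const encodings = (v) => [v, encodeURIComponent(v), b64(v), encodeURIComponent(b64(v))];

// Constructed HAR-style entries (url, method, request body).
const SAMPLE_ENTRIES = [
  { url: "https://shop.example/api/cart", method: "POST", body: '{"zip":"90210"}' },
  { url: "https://pay.processor.example/v1/charge", method: "POST", body: "card=4111111111111111" },
  { url: "https://cdn.widgets.example/t.gif?e=" + encodeURIComponent(b64(CANARIES.email)), method: "GET", body: "" },
  { url: "https://stats.tracker.example/collect", method: "POST", body: "cc=4111111111111111&z=90210" },
  { url: "https://fonts.static.example/a.woff2", method: "GET", body: "" },
];

function isFirstParty(host) {
  return host === FIRST_PARTY || host.endsWith("." + FIRST_PARTY);
}

// Returns one finding per third-party request that carried a canary value.
function auditCheckoutTraffic(entries) {
  const findings = [];
  for (const entry of entries) {
    const host = new URL(entry.url).hostname;
    if (isFirstParty(host)) continue;
    const haystack = entry.url + "\n" + (entry.body || "");
    const leaked = Object.keys(CANARIES).filter((field) =>
      encodings(CANARIES[field]).some((enc) => haystack.includes(enc)));
    if (leaked.length > 0) {
      findings.push({ host, leaked, approved: APPROVED_THIRD_PARTIES.has(host) });
    }
  }
  return findings;
}

// Hosts that received customer data without being on the approved list.
function unapprovedRecipients(entries) {
  return auditCheckoutTraffic(entries).filter((f) => !f.approved).map((f) => f.host);
}

console.log(auditCheckoutTraffic(SAMPLE_ENTRIES));
```

Approved vendors still appear in the findings, flagged `approved: true`, so the fields they actually receive can be compared against what your agreement with them allows.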
Protecting customer privacy in the digital space is a high priority for retailers. Failure to do so can lead to loss of customers, loss of revenue, and to regulatory sanctions and fines. Carefully following best practices such as those listed above will, in most cases, keep you on a safe path.
RH-ISAC and The Media Trust will be looking into more surprising, unexpected, and flat-out crazy things that happen in digital stores that wouldn’t happen anywhere else. Check out the other blogs in this series: