Posted on

Top tips for cyber security next year

Only 10% of companies will be ready for the EU’s General Data Protection Regulation by the May 2018 deadline and, by the end of the year, we will see the first companies closing due to fines.

That’s a prediction from Colin Tankard, Managing Director of data security company Digital Pathways. Here are his other nine predictions for the cyber market next year.

  1. A major cloud player will be shut down for 24 hours due to a cyber attack and data loss. This will trigger users to question their providers about levels of encryption, where the keys are held and who has access to them. There will be growth in third-party security. Services such as Bring Your Own Key (BYOK) will be the mantra, as companies will no longer trust a single cloud vendor and will spread their data around a number of providers.
  2. IoT security will remain weak, even with the launch of light encryption. This will be due to manufacturers still using old chipsets that have security flaws.
  3. Email security will be one of the fastest growing areas in data security as ‘man-in-the-middle’ attacks increase and more companies are fined due to leaked data from intercepted emails or rogue emails being received.
  4. There is likely to be a grave shortage of skilled staff to plug the GDPR need, especially in the rise of the Data Protection Officer, now mandatory within the GDPR regulations.
  5. Voice recognition will be widely deployed as a form of two-factor authentication, given the improvements in Siri, Alexa, Cortana and Google.
  6. At present around 31% of companies pay ransom-ware demands. This will reach 50% in 2018.
  7. File-less attacks will be the new attack Trojan. These viruses reside in the memory of the PC and remain there until it is rebooted. Normal AV will not detect these attacks.
  8. Social engineering attacks will increase as a way to get into an organisation. This will lead to an increase in detection systems being deployed inside an organisation so as to spot unusual behaviour, both in people and systems.
  9. We will all start calling our cars KIT as we move into the driverless era!

The post Top tips for cyber security next year appeared first on Retail Risk News.

Source: Loss and Prevention News

Why Black Friday was blacker for some than for others: comment

Optiseller, a new e-commerce data platform from Developing IT, used this year’s Black Friday as an opportunity to look at how some of the largest sellers on eBay UK performed on what is thought to be one of their most important trading periods of the year.

Using their off-the-shelf ‘Optiseller eBay Competitor Performance Dashboard’, which they say takes just minutes to set up, requires no accredited access to the target account or accounts, and provides results within hours, the team of e-commerce experts at Optiseller concluded that Black Friday isn’t yet as important to all sellers as you might expect. They analysed why this might be, and came up with these insights.

Declan Power, Optiseller COO said:

“Over the weekend we looked at a mix of top 10 and top 100 eBay sellers across different categories such as fashion, tech, and home and garden and monitored their performance. These included household names such as Tesco, Argos, Littlewoods, Currys PC World, and Superdry, as well as some perhaps less obvious but significant eBay sellers such as ‘ppretail’ (Home & Garden) and ‘kenable_ltd’ (Computers). What we discovered was:

  • Despite the perception that Black Friday is a boon for all online retailers, performance across the test sample was mixed at best. While 30% of sellers experienced a significant uplift (more than 10%) in sales volume over the period, and another 30% experienced a more moderate (more than 3%) sales uplift, the remaining 40% of sellers saw little or no increase in sales performance over the weekend.
  • Those sellers who saw the greatest increase in sales volumes were also typically those who led the way in adaption of Optiseller recommended KPIs such as:
    • eBay Markdown Manager (Discounts)
    • Multiple Shipping Options including Click & Collect
    • Image Variation
    • Title Optimisation (Length and Item Specifics)
    • Item Specifics
    • Buyer Protection
  • For some sellers, it doesn’t appear to make sense to actively discount and promote for Black Friday:
    • Commodities and seasonal stock such as IT peripherals and home and garden product lines don’t appear to sell well on Black Friday. This may be due to lack of consumer demand, or a reluctance by sellers to discount and promote such items in the belief this is more likely to displace future sales rather than generate additional growth.
    • For clearance channel sellers, lack of stock depth may preclude participation.

Therefore, while Black Friday can certainly be beneficial for eBay sellers, it pays to consider whether it suits your business, and if you are going to participate. Apart from ensuring the correct offering is available, it also pays to track and manage those key performance indicators which can make a big weekend even bigger.”

 

While Black Friday has gone global, Cyber Monday remains North American: survey

Black Friday is now a big event for consumers in many leading economies but Cyber Monday has yet to catch on.

An international survey in the week before Black Friday 2017 which asked participants “which shopping event have you been waiting for this year?” found the most popular event was Black Friday.

The online survey, conducted last month among 3,400 participants from eight developed countries, the US, Canada, the UK, France, Germany, Spain, Australia and Japan, revealed that Black Friday enjoys a double-digit popularity percentage in seven of the countries, while Cyber Monday tops out at only 4% outside of North America.

One Hour Translation, the translation agency which conducted the poll, allowed respondents to pick more than one answer to the question which shopping event they had been anticipating. 1,000 of the participants were from the US, 600 from the UK and 300 from each of the other six countries.

In the United States, 14.5% of respondents said they were waiting for Black Friday, which took place on November 24 this year, while 16% were waiting for Cyber Monday (November 27). Black Friday is particularly popular in Canada (about 26%), Spain (about 22%), France (about 21%), the UK and Germany (about 19% each) and to a lesser extent in Australia and Japan (about 10% in each country). On average among the 8 countries sampled in the survey, 17% of respondents were looking forward to Black Friday, compared to about 8% who were looking forward to Cyber Monday and about 3% who were looking forward to the Singles Day event (the Chinese holiday celebrating single people) – making Black Friday a significant shopping event outside the US.

Cyber Monday, on the other hand, enjoyed a double-digit popularity percentage only in the North American countries. 16% of respondents in the United States said they were waiting for Cyber Monday, and 10% of respondents in Canada, figures that were much higher compared to the ones observed in the UK (about 4%), Australia, Germany, Spain, France and Japan (about 3%).

The Chinese “Singles Day” shopping event, which takes place every year on November 11, was highly anticipated among 7.5% of respondents in Japan, as opposed to approximately 6% in Spain and France, 4% in Canada, 3% in Germany, 2% in Britain and Australia, and only 1.4% in the United States.

Despite the fact that the survey was conducted online and was naturally geared towards online consumers, about two thirds of respondents (68%) on average among the eight countries said that they were not looking forward to any online shopping events. About 4% of the 3,400 respondents said they were looking forward to shopping events other than those examined in the survey.

Ofer Shoshan, co-founder and CEO of One Hour Translation, commented: “we would encourage e-commerce companies outside of North America to invest in associating their activity and their brand with the Cyber Monday event.”

 

Webchat “overtaking social media” as preferred channel for customer queries

The communications platform Gnatta is reporting a shift towards webchat in customer queries to its retailer partners, including ASOS, AO and Missguided, during Black Friday week.

Gnatta says it processes more than two million conversations a month across its platform, which pulls together the various channels a company uses to communicate with customers – including email, SMS, social media, webchat, telephone and review sites.

Increasing numbers of these interactions happened across webchat (38%), a shift from last year when social media accounted for nearly 50% of all queries and webchat for 26%, says Gnatta. Social media accounted for 37% of queries this year. This points to a shift towards faster resolution, as customers increasingly expect to receive an immediate response.

Initial estimates indicate that this year’s Black Friday was set to beat all records, with IMRG predicting that sales would be up 9% on 2016.

Gnatta’s figures indicate that final sales tallies will be even higher as customer interactions have increased by 47% over last year.

Jack Barmby, founder and CEO of Gnatta said: “The way customers communicate with retailers is changing. People expect an instant response on any channel. They want a retailer to know about previous conversations they’ve had, and to be able to connect the dots across channels. A good retailer will be able to deliver that. Great customer experience differentiates a brand. If you’re going to sell more products, you need to be able to handle more customer queries, too. And you need to be ready to deal with customers seamlessly across multiple channels – phone, social media, messenger, webchat, email, the lot.”

Location, location, location

An employee relying on a lone worker device in a threatening situation needs to know their system will work fast.

One key speed performance indicator is the time it takes to get a location fix on the device, known as the time to first fix, or the TTFF. This time differs depending on various factors, including the technology.

While most lone worker devices use GPS alone, SoloProtect ID is the first, and currently the only, dedicated lone worker device that utilizes GNSS (Global Navigation Satellite System) technology.

The makers, UK-based SoloProtect, will be exhibiting the SoloProtect ID at the Retail Risk – Los Angeles conference on February 22nd. To register for the conference, free to all retailers, go to http://www.retailrisk.com/los-angeles/.

GNSS uses nearly three times as many satellites as GPS, including those available to GPS, making the TTFF both quicker and more accurate—critical for the call to action.

Without a fast TTFF in a genuine emergency situation, opportunities to record and react to what happens in the early stages of an incident may be lost.

With pre-loaded “maps” of multiple satellite networks via A-GNSS (Assisted-GNSS), it is often possible to get a location fix within seconds.

Calls from the device in the US are connected to the SoloProtect Monitoring Center, where a team of Advanced Emergency Medical Dispatcher (AEMD), Cross CPR, and HIPAA-certified operators will support you in the event of an emergency.

Having a reliable alarm system is vital to employees and to employers, and can result in fewer days off work and less attrition. Additionally, using the device reduces the need for the deployment of pairs on a buddy system.

SoloProtect says it will continue exploring new technology to help lower the risk of those working alone, and employing GNSS and A-GNSS marks momentous headway in reducing the time it takes to assist a lone worker in their emergency.

SoloProtect’s solutions have been adopted by leading brands including HH Hunt, Penn Engineering, Sky, Hilti, The Body Shop, John Lewis, Holiday Inn, L’Oreal and Albany International, to name a few.

 

Uber slated for “amateur” data breach and cover-up

Uber made several cardinal errors in its handling of data security and the fallout from a cyber breach, media reported this week.

The theft from the company of 57 million customers’ and drivers’ personal data was not revealed publicly until this week but happened in October 2016, Bloomberg reported on Tuesday.

The company paid the hackers $100,000 to delete the information and keep quiet.

The company’s failure to disclose the breach was “amateur hour”, David Hoofnagle of the Berkeley Center for Law and Technology told the Guardian.

It made little sense to cover up the breach, as the only way the company would have direct liability under security breach notification statutes would be if it did not give notice, he said.

The fact the data were being stored unencrypted was an “unforgivable” error, cyber security firm Bullguard commented.

The New York state attorney general’s office has opened an investigation into the data breach, a spokeswoman confirmed.

Uber has said in a statement to drivers that it will offer those affected free credit monitoring and identity theft protection.

The hackers stole personal data including names, email addresses and phone numbers, as well as the names and driver’s license numbers of about 600,000 drivers in the United States. The company said more sensitive information, such as location data, credit card numbers, bank account numbers, social security numbers, and birth dates, had not been compromised.

“Non-disclosure creates a practical risk in the hundreds of millions,” said Hoofnagle.

In June, health insurer Anthem settled litigation over a 2015 breach affecting 79 million people for a record $115m.

From next May, non-disclosure of a data breach and/or non-encryption of personal data will render companies liable to fines of up to 4% of global annual turnover or 20 million euros under the EU’s General Data Protection Regulation (GDPR).

Cutting cardholder disputes with Verifi’s Order Insight

For issuing banks and merchants, the cheer of the holiday shopping spree is always followed by a spike in cardholder disputes.

Whether driven by confusing billing descriptors or friendly fraud, cardholders will flood an issuer’s call centre throughout January, costing each issuer hundreds of thousands in processing, investigation and call centre expenses.

One way of reducing cardholder disputes is for issuing banks and merchants to share more information, and a new service is enabling them to do exactly that.

The Los Angeles based payment protection and management solutions provider, Verifi, recently introduced the new service – Order Insight – and will be showcasing the solution at the Retail Risk – Los Angeles conference on 22nd February.

To register for the conference, which is complimentary for retailers and end users, go to http://www.retailrisk.com/los-angeles-booking/

The new service builds on Verifi’s Cardholder Dispute Resolution Network (CDRN), which helps issuing banks to include merchants at the outset of a dispute.

Order Insight is an additional chargeback and fraud mitigation service that enables issuing banks to share transaction details––such as merchant’s name and contact information, date of purchase, name of device used in the order process and item or service descriptions (size, colour, style)––between cardholders, merchants and issuers.

By providing this data directly into the issuing bank’s online or mobile applications, a questionable charge can usually be resolved without a phone call, the company says.

It quotes the following metrics for the first and second quarters of 2017.

  • Net Success Rate: 89%
  • Total Disputes Handled: Just over 1 million
  • Merchants Included: 15,225
  • Average Resolution Time: 22.7 hours
  • Resolved Disputes: 270,009
  • Resolved Dispute Amount: $13.8 million

Cash paying customers check out faster with SMARTtill

APG Cash Drawer, a manufacturer of cash management solutions, on Thursday announced the release of TCP/IP connectivity for the SMARTtill® Cash Management Solution.

“The new capability will enable retailers to accept cash at a dedicated cash check out location while still maintaining cashier accountability,” said Stephen Bergeron, V.P. of Global Marketing at APG Cash Drawer.

“No longer will cash paying consumers need to stand in line with customers paying by credit, debit, and mobile wallets. Retailers can reduce the POS hardware required to handle cash transactions freeing up more valuable counter space to display products, and cash transactions are consolidated to a single SMARTtill® Device,” he said.

APG Cash Drawer envisages the innovation creating a modern, flexible shopping environment for customers in convenience stores, grocery stores, small boutiques, fast food, quick service restaurants, and gas stations.

The solution can now be operated entirely via TCP/IP allowing integration with cloud based POS and back-office applications. Integration with mobile POS platforms will allow the use of multiple tablets or other handheld devices while still maintaining cashier accountability. The Intelligent Cash Drawer’s built-in Ethernet port enables networked Point of Sale (POS) via the retailer’s LAN network.

The IP SMARTtill® Intelligent Cash Drawer also enables other types of “host to Slave” configuration(s) whereby “back office” software or cloud systems can control and monitor the hardware without the need of integration with the POS application. The IP SMARTtill hardware can be used with a conventional printer set-up so that the cash drawer opening impulse can either be derived from the local printer, network printer or from a network host.

“The integration capabilities provide additional valuable insight into back-office reporting and reconciliation activities to improve store productivity and reduce cash losses by up to 90%,” said Robert Banker, Director of SMARTtill Sales. “The SMARTtill® Solution, when integrated with CCTV, loss prevention, cash management or POS applications can track in real-time which associate uses the Intelligent Cash Drawer, the transaction time, related transaction details, and the actual cash float level. This information granularity helps managers schedule cash lifts and top-ups more efficiently, quickly resolve discrepancies, and identify problems or training opportunities with specific employees.”

The Ethernet SMARTtill Solution functionality is an additional enhancement to the existing technology that utilizes the current communication protocol, but with network security enhancements. “In a wireless setting, these capabilities are especially relevant,” continued Banker. “When several associates use a single Intelligent Cash Drawer, the SMARTtill® Technology keeps records matching an employee to each transaction. This provides loss prevention capabilities by making it possible to tie a specific employee to any cash shrinkage-related issues. This customer shopping experience is also improved as sales associates are free to move around the store helping customers for a chance to capture sales at the point of decision.”

Should the UK import “exhausted” brands?

One of the many unknowns for the UK in the wake of Brexit is what model of “trademark rights exhaustion” will apply in future.

Lawyers predict this could have a major impact on the fashion industry, in particular.

An “international exhaustion” model has the potential to drive down prices, reinvigorating the high street. But it could damage British distributors, who risk being undercut by retailers, and customers, sourcing products overseas at more competitive prices.

Rob Lucas, Partner and Head of Intellectual Property at Shulmans LLP sent RRN this comment on the issue:

“Trade mark exhaustion governs the ability to buy a genuine, branded product and resell it under the brand name concerned.  Whilst it may seem quite sensible within the sector to be able to buy a branded item of clothing, such as a pair of Levi jeans, and sell them on to your distributors, retailers and customers with that identity attached, the legal position is not that simple.

“At present the UK is subject to rules on trade mark exhaustion which apply within the European Economic Area (EEA).  These rules apply “regional” exhaustion, which means that you can source genuine branded clothing anywhere within the EEA, move those items to another country also within the EEA, and sell them using the same brand name.  Likewise, if you place your own branded products on the market in the EEA, a third party can buy those products, export them and resell them under your brand.

“However, under regional exhaustion the position changes when products enter or leave the EEA boundary. Where product enters the EEA, the brand owner can stop the resale of the products even though they are genuine products. So, if you sourced Levi jeans from the USA, you could be stopped from importing them into the UK and reselling them using the Levi name.

“After Brexit, the political ideal of being an open, freely trading nation suggests that we might revert to our pre-EU days of “international” exhaustion. This would allow businesses the most freedom, affording them the ability to buy genuine products from anywhere in the world and import them into the UK for resale. As there is often a significant price difference between products in the UK and overseas, UK fashion businesses would be able to take full advantage of those savings providing a substantial new revenue and margin opportunity.

“The ability to source products at a lower price could therefore drive down RRPs (recommended retail prices) as added value for consumers, and offer customers greater choice, with the potential to ultimately revitalise the high street. Although this might sound like the best outcome, there are several factors that should be considered.

“In direct contrast to the desired outcome of driving up sales in UK stores, there is the chance that this potential change in legislation could instead lead to an increase in customers buying direct from overseas. Likewise, UK retailers may be tempted to source products overseas for a more competitive price than could be offered by a British distributor. There is also the danger in exported products entering the UK market at a much lower price than was ever intended for this territory, allowing them to be stocked by retailers that the brand would never have willingly sold to by choice with the potential to impact on the brand’s overall positioning.

“International freedoms also raise concerns regarding issues of quality and consistency, as there is a consumer misconception that the branded goods they know and love are of the same quality in all the countries in which they are sold. In reality, product quality can vary drastically depending on where you are in the world. Whilst customers may be able to source their favourite brands in the UK at a lower price, there is a high chance they may experience a reduction in quality compared to usual UK standards, which in turn could compromise brand loyalty and reputation. There is also the potential for increased volumes of counterfeit goods, with fakes being harder to spot due to varying levels of quality being imported.

“With no clear indication as to how the Government will determine the exhaustion approach post Brexit, retailers and brands alike are advised to consider their current distribution models, safeguarding brand identity and current sources of revenue.”

Pizza Hut customers informed of data breach after 12 days

Pizza Hut waited nearly two weeks to inform customers of a data breach that is believed to have affected 60,000 people across the US.

The company circulated an email on 14th October to customers thought to have been affected.

This said: “Pizza Hut has recently identified a temporary security intrusion that occurred on our website. We have learned that the information of some customers who visited our website or mobile application during an approximately 28-hour period (from the morning of October 1, 2017, through midday on October 2, 2017) and subsequently placed an order may have been compromised.

“Pizza Hut identified the security intrusion quickly and took immediate action to halt it.”

A call centre operator told the McClatchy news site that about 60,000 people were affected. Pizza Hut has not confirmed or denied this.

It is reported that names, billing ZIP codes, delivery addresses, email addresses and payment card information — meaning account number, expiration date and CVV number — were compromised.

The notice sent out to affected customers said Pizza Hut estimates “that less than one percent of the visits to our website over the course of the relevant week were affected”.

Those customers have been offered a year’s free security monitoring with Kroll Information Assurance, LLC, but that hasn’t reconciled everyone to the company’s handling of the incident.

One customer tweeted: “Hey @pizzahut, thanks for telling me you got hacked 2 weeks after you lost my cc number. And a week after someone started using it.”

The Washington Post reports that there are multiple reasons why customers might not be informed of a hack immediately. Law enforcement might have delayed the announcement, to avoid alerting other hackers, for example, and it takes time for companies to determine the exact scope of a hack, what information was stolen in the first place and if the data taken could cause serious damage to customers, according to the Post.

There are different standards in 48 states and U.S. territories for how and when a hack needs to be disclosed. Alabama and South Dakota are the only states that don’t have security breach notification laws, the Post reported.

And of those 48 states, only eight states — Connecticut, Florida, Maine, New Mexico, Ohio, Rhode Island, Tennessee and Vermont — set a timeline for when the hacks need to be announced, which range from 30 to 90 days, according to the Post.

 
