6 key takeaways from NRF PROTECT ALL ACCESS

Loss prevention experts’ views on potential vulnerabilities and how to mitigate them

Retailers face new challenges as they work to protect their brand reputation and the integrity of their business during COVID-19. With almost all business operations taking place over the web, there is no longer a need to distinguish between digital and physical security ― threats are omnipresent. But with effective monitoring tools and the will to collaborate across industries, retailers can get in front of anticipated threats.

NRF PROTECT ALL ACCESS, a four-day online event, brought together retail’s security leaders to share important insights and discover the latest tools and partners to help protect their organizations against cyber risks. Leaders from Microsoft, McDonald’s, American Eagle Outfitters, Verizon and more shared how their companies address trending issues in security, loss prevention and the ensuing business impact.

Retailer Insights

Check out more information on how to keep stores safe and secure here.

Rising novel and sophisticated retail threats

“Retail was the second most targeted industry by cyber criminals in 2019,” said Chief Revenue Officer James Villeneuve of Echosec Systems, quoting an IBM study during a session on digital risk prevention in retail. Getting ahead of threats is paramount: According to IBM, the average cost per data breach is $8.64 million in the United States alone and there is increasing risk for a predominantly remote workforce. Cyber criminals are becoming more sophisticated and new concerns are being raised, forcing security leaders to be proactive rather than reactive.

A rising threat involves “professional refunders,” experts who work with customers to get their money back fraudulently. Once customers receive an order they placed online, the refunder contacts the merchant to claim the merchandise was never received. When a refund is secured, the customer keeps the item originally purchased and pays the refunder a percentage of the order value refunded. Professional refunding groups are organized and have researched the best methods of requesting repayment based on methods like manipulating shipping labels, tracking numbers or making false claims.

Work inter-departmentally to predict customer behavior

As ecommerce fraud becomes more prevalent, leaders must have the right controls in place to know what to look for before considering the best solutions. Dajana Gajic-Fisic, head of ecommerce risk operations at JD Sports - Finish Line, said awareness of customer patterns, understanding customer site activity and looking for outliers in behavior can give clues that a user’s information may be compromised. For example:

  • How long the customer normally spends on your website
  • The amount a customer normally spends
  • The time of day a customer visits your website
  • A customer’s total number of logins
  • Changes in frequent orders
  • Frequent change of addresses

Cross-departmental collaboration is also important among customer service and IT teams. These professionals often see similar threats in different industries and can give insights on what to look out for.

Utilize technology to monitor patterns

Security professionals contemplate what’s coming next so they can react quickly. Advanced monitoring technology can help security professionals anticipate and rectify potential threats without the need for human interference. In the session “Physical loss plus cyber loss equals total loss,” Jon Williamson from Tyco-Johnson Controls shared how machine learning software is helping retailers understand non-theft concerns.

Buy online, pick up in store, curbside pickup, contactless delivery and carryout technology are already providing insight into shopping behavior, but emerging retail technology is on the rise that protects shoppers and employees through monitoring body temperature, scanning for proper social distancing and mask compliance.

Think creatively to address workplace conflict

Protecting digital assets and intelligence is just as important as protecting assets in a store, particularly in this new environment.

COVID-19’s added pressures and increasing frustrations on the economy and workforce have led to increased conflict at retail establishments. After a physical assault resulted from a customer refusing to wear a mask, Hugo Cortez from McDonald’s said the restaurant decided to address customers from behind the counter to create a barrier to de-escalate further violence.

It’s important to revisit no-tolerance workplace violence policies often for clear operating rules. Policies should prohibit employees from engaging in bad behavior and address what an employee should do if they see something or become a victim of that behavior.

Virtual work can be compromised

The pandemic has created a sense of community building and the opportunity to collaborate across sectors to connect solutions that reduce cyber threats. But the pressures of remote work are challenging; teams must check in frequently and responsibly, said Michael Mason, chief security officer at Verizon.

While working from home, phone and video communications should be monitored for connection strength. Professionals should double-check whether a conversation is being recorded, whether anyone can enter a conference call, and who has access to a meeting password. Be sure not to discuss anything confidential, make sure you’re comfortable with software you’re using and don’t presume a user on the other end has the same technical experience as you.

Educate customers on potential threats

In the session, “A new decade of account takeovers,” experts discussed how the security of retail payments and more are compromised in the current environment.

“The more people are buying online, the more fraud is going to happen,” said DJ Murphy, editor-in-chief of Reed Exhibitions’ Security Portfolio. Unfortunately, any business using an online payment system is susceptible to fraudsters stealing and monetizing information, particularly if they notice consumers are using passwords across multiple sites.

Educating customers about how to protect their information is an important deterrent in cybercrime, said Macy’s Director of Fraud Strategy and Analytics Eric Rainsberg. “Education is big,” he said. “Having the right verbiage and the right prep for when the customer comes to you goes a long way.”

NRF PROTECT ALL ACCESS sessions and more are available until October 31, 2020.

Related content

New NRF Foundation credential provides tactics to mitigate customer conflict
 
Trainings help retail workers work safely and keep the economy open.
Read more
NRF Foundation Introduces COVID-19 Trainings for Retail
 
NRF Foundation Introduces COVID-19 Trainings to Aid Retail Employees
Read more
Prioritizing customer service throughout the pandemic
 
Key takeaways from conversations with QSR experts.
Read more