Security in Retail

The intersection of customisation, privacy and security

Consumers frequently ask for more personalisation and greater privacy for their retail accounts, while sometimes confusing privacy with security. Personalisation cannot be delivered without some loss of privacy, and privacy and security are not the same.
In terms of data collection, privacy refers to the safe collection of information and its appropriate storage and use by the company. This collection of information allows for the personalisation of the customer’s account. For example, a consumer may provide demographic information in order to receive advertisements and coupons appropriate to their age, gender and so on. More people than not are willing to supply such details; a global survey released last year found that 54 percent of consumers are likely to share information with retailers.
As retailers seek to fully implement personalisation by tracking and integrating data from various devices such as smartphones and tablets, the customer experience becomes more seamless and pleasing. However, the more data a retailer collects and integrates, the more vulnerable it becomes. Retail is already a prime target, and as its data repositories grow, it offers a data-rich environment ever more attractive to the cybercriminal.
To tackle the privacy issue, retailers should be transparent by providing an easily understood privacy policy, and consumers should be given the option of choosing when and how their data is collected and used.
Retailers are tasked with protecting their consumers’ sensitive information from both the privacy and the security standpoint. Even if industries are collecting, storing and using information properly, they must concern themselves with the types of attacks that might harm the privacy and protection of consumer data and seek ways to mitigate the exfiltration of their consumers’ data.

 

Common threat vectors

Brute force attacks

Brute force attacks accounted for almost 16 percent of the attacks. A brute-force password attack is a technique in which an intruder tries to guess a username and password combination to gain unauthorised access to data. Most of the attacks observed targeted the Secure Shell (SSH) service.
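To show what guessing against SSH looks like from the defender's side, the following added example (not part of the original article) scans OpenSSH authentication log lines for a burst of failed passwords from one source, and notes whether a login from that source later succeeded. The log lines, host name, addresses, and the threshold of 4 failures within 1 minute are constructed assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog format (not from a real system).
SAMPLE_LOG = """\
Mar 10 02:14:01 shop-web sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50112 ssh2
Mar 10 02:14:03 shop-web sshd[2102]: Failed password for root from 203.0.113.7 port 50114 ssh2
Mar 10 02:14:05 shop-web sshd[2103]: Failed password for invalid user pos from 203.0.113.7 port 50120 ssh2
Mar 10 02:14:08 shop-web sshd[2104]: Failed password for deploy from 203.0.113.7 port 50131 ssh2
Mar 10 02:14:11 shop-web sshd[2105]: Accepted password for deploy from 203.0.113.7 port 50140 ssh2
Mar 10 09:30:12 shop-web sshd[3300]: Failed password for alice from 198.51.100.20 port 41000 ssh2
Mar 10 09:30:40 shop-web sshd[3301]: Accepted password for alice from 198.51.100.20 port 41002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def detect_bruteforce(log_text, threshold=4, window=timedelta(minutes=1), year=2024):
    """Flag source IPs with >= threshold failed logins inside a sliding window.
    Syslog timestamps carry no year, so the caller supplies one (assumed 2024)."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    seen = defaultdict(lambda: {"users": set(), "failures": 0, "success_after": False})
    flagged = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, info = m["ip"], seen[m["ip"]]
        if m["result"] == "Failed":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            info["users"].add(m["user"])
            info["failures"] += 1
            if len(q) >= threshold:
                flagged.add(ip)
        elif ip in flagged:
            # A success after a flagged burst suggests a guessed credential.
            info["success_after"] = True
    return {ip: seen[ip] for ip in flagged}

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info["failures"], sorted(info["users"]), info["success_after"])
```

A single mistyped password followed by a successful login, as in the last two sample lines, stays below the threshold and is not flagged.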

Backdoors

A small number of the attacks involved requests on certain TCP ports that indicate an attacker is running a backdoor on a compromised network. A backdoor allows an intruder to bypass security authentication mechanisms to gain access to a computer program. Most backdoors are placed on systems through a system compromise such as a virus or worm.

SQL injection

SQL injection is the number two attack vector targeting retailers, at 20 percent of attacks. Weak SQL database security policy is a common denominator in successful attacks. Ironically, data from the IBM X-Force Vulnerability Database shows that while attacks utilizing this threat are still widespread, the last few years have seen a substantial decline in the number of SQL injection vulnerabilities disclosed and the associated exploit code made publicly available. In fact, from 2011 to 2015 there was a 54 percent drop in the number of SQL injection vulnerabilities disclosed. The ratio of vulnerability to publicly available exploit code has also been declining. This means that attackers are carrying out successful attacks on older, unpatched SQL injection vulnerabilities.