In 1946, Brooklyn bank owner John Biggins debuted a product that allowed customers who had accounts open at his bank to purchase goods by just using a card, according to CreditCards.com. This idea, known as the Charg-It card, served as a precursor to the common practice of using credit cards in retail stores today.
What's startling to know is that, nearly 50 years earlier, the first case of ID theft via credit card was reported. A man had thrown an account card he no longer wanted in the trash and someone else had fished it out. Over a century later, much has changed. However, the principle idea of thieving someone's classified data through thrown-away technology is still alive and relevant.
The largest difference is simply the amount of consumer data that retailers commonly store. That charge card spawned a multitude of products, but the rapid pace of technology and industry development has made it so that credit card data is far from the only confidential material stored on retail hardware.
Amazon Go and the retail store of the future
Amazon, the company long known as an online retail giant, shocked the tech world in 2016 with the announcement of an actual brick-and-mortar store. The location, called Amazon Go, finally opened to the public in early 2018. However, this store is not the same as its predecessors. There are no cash registers or cashiers. Customers use the Amazon Go app to gain entrance, then simply grab whatever they want and leave.
The technology that enables this new streamlined shopping experience is called Just Walk Out and not much is known about it, other than it uses computer vision, AI, sensors and pre-existing consumer data to craft a 21st century retail experience. This is far more than just simply storing credit card data on point-of-sale terminals.
An IoT-enabled shopping experience
A large part of what makes stores like Amazon Go possible involves the internet of things. Consumers need a smartphone app to enter the store. This software syncs up with their Amazon accounts, allowing the company to charge for whatever goods are selected.
However, this is not the only way that IoT is impacting the retail space. Consumers are more connected to e-commerce than ever before through tablets, smartphones and other mobile computing hardware. This allows them to browse deals in-store, looking for the best prices on products. As an Intel white paper pointed out, actual locations are now also places of entertainment and home to IoT-enabled displays, allowing customers to see best how certain products would work before committing to buy.
The increasing amount of personal information stored at retail locations
This increased connection has lead to retailers possessing a higher amount of personal information. In the past, debit and credit cards, as well as checks, were the most confidential consumer documents a retail company owned. Now, passwords, email addresses, physical addresses and other information is usually stored, since the vast majority of physical retailers also have online stores.
In addition, many retail locations contain Wi-Fi and network-enabled promotions that can require a connection to the customer's smartphone. This grants a retailer even more consumer data access. The vast amount of confidential data now available within retail stores and their servers has made these locations an increased target for cyberattack and identity theft.
"Since Safeway had a pharmacy, it was mandated to follow HIPAA regulations regarding data disposal."
Pharmacy and HIPAA overlap
Periodic data destruction is vital at all retail locations but especially those that possess on-site pharmacies – a growing trend for customer convenience. In 2015, grocery provider Safeway was fined $10 million for improperly disposing of its consumer data. Since the grocer had a pharmacy, it was mandated to follow HIPAA and all proper health care laws regarding data disposal.
The company was charged with simply throwing hardware away without engaging in proper data sanitation. The result allowed vigilant criminals to recover the tech and its confidential information.
Different industries are held to various data destruction standards but health care tends to be the most extreme due to its essential nature and the sheer amount of personal information that must be stored – including birth date and Social Security information. Any retailer with an attached pharmacy must be able to adequately meet HIPAA regulations on data destruction, as well as any additional state-level laws.
Customer privacy: the retailers burden
A large problem is today's world is corporate ignorance when it comes to cybersecurity and data destruction. Tanium and Nasdaq reported that, in 2016, over 90 percent of executives did not understand cybersecurity data and felt that consumer information protection was not part of their duties as a retail provider. This technological illiteracy extends far beyond being a danger to consumer data and into threatening the company's well-being.
Effective data security implementation requires understanding and leadership to ensure that the correct budget and personnel are assigned. With executives taking a pass and claiming ignorance, they are opening up every network avenue in their company to serious risk.
On top of this, the customers of retail establishments do not feel the same way. A recent Alertsec survey found that nearly 100 percent of consumers were disturbed by the idea of a data breach. Should a retailer allow shopper data to be unlawfully stolen, the organization will suffer a tremendous blow in terms of shopper trust and confidence, in addition to the other damages incurred.
Roughly a quarter of customers stated that they would not trust the company again after a data breach. If multiple incidents happened, it is likely this percentage would increase rapidly.
Training a huge, constantly changing staff on the importance of data destruction
Retailers do not have an easy challenge when it comes to mandating data destruction. Different hardware requires different treatment to effectively cleanse classified information. On top of this, any one mistake can expose an entire network. Retail organizations often employ large and frequently shifting staffs. Any employee who might handle hardware that contains consumer information (especially if it is to throw it away) must be trained on professional data sanitation.
This increases the value of a properly trained worker, one who can be trusted in data sanitization. Going forward, retail owners may wish to change employment strategies to make sure there is always at least one such individual per location to oversee and train new recruits.
As data destruction in retail is near constant, it is more cost-efficient to adopt in-house hardware to properly sanitize drives and equipment. Data security will only grow more vital as stores continue to evolve their technology. It is imperative that retail owners take steps now to ensure they are ahead of the curve on all aspects of data destruction and cybersecurity.