Don’t WannaCry? Ensuring Retail Cyber Security in an Omnichannel World

Don’t WannaCry? Ensuring Retail Cyber Security in an Omnichannel World

These days, most of us can’t go without the internet for even a moment. Last Friday, many had their worst nightmares come to life when they turned on their computers. Hackers, who call themselves the ShadowBrokers, had managed to infect more than 200,000 devices, across 150 countries with the aptly named ransomware, “WannaCry”. Utilizing a vulnerability in certain Microsoft Windows systems which allows it to gain access and encrypt all data contained within, the virus effectively turned the devices into expensive bricks. The malware then demanded payments in BitCoins to decrypt the data and return access.

Almost every possible vertical including retail and consumer brands were potential industries affected by WannaCry, which is now being called the largest such ransomware attack, forcing cybersecurity professionals to work over the weekend to protect the systems of their corporate clients.

As the scale of the internet has increased tremendously, such attacks are also predicted to stay on the rise. Retail is an industry that has always been a hot target for hackers. This is because of the abundance of customer data including payment information that most retailers have access to and the innumerable devices connected to a retail network that hackers could gain access from. By diverting attention of the IT teams to improve sales performance instead of security, many retailers are left vulnerable to the constant threat of a cyber attack.

It’s imperative that retailers take steps to protect sensitive business data, especially in an omnichannel environment as the cost of a breach includes not just the loss of data but also that of reputation, which may have cascading negative effects on overall business performance.


The following are a few of the best practices that retailers should follow in order to effectively protect themselves in today’s ever connected world.

Having a Backup

According to a PwC report titled, Global State of Information Security Survey 2015, only 54% of retailers had an accurate inventory of how and where they collect, transmit and store data. Maintaining detailed logs and monitoring all the data exchanged in any company network is paramount to information security. It is wise to constantly backup important data in a secure, and isolated environment, though it is not as pervasive a practice within corporations as one would assume. Segmentation and isolation of different data types such as cardholder data, customer data, vendor/partner data, operational data and backup data etc. can be helpful in mitigating risks coming from the various devices omnichannel retail networks are connected to today. Apart from just having a backup in terms of data, one must also have a security breach response plan which details what needs to be done in case a business inevitably becomes the victim of a cyber attack.

Updating Constantly

Microsoft had already identified the vulnerability now known as Eternal Blue, and released a patch to secure it two months before the WannaCry attack. The infected systems hadn’t installed the latest security patch, making them vulnerable. This shows how important it is to constantly be up to date on the latest security measures available. Hackers are constantly innovating to exploit any weaknesses they could find. Businesses are now forced to ensure their security by doing the same. According to PwC, due to the scalability and agility of the cloud, businesses have the opportunity to enable safer information transfer through technologies such as deep analytics and machine learning which could help with cybersecurity. Infact, 23% of businesses surveyed in the year 2017 study said they were going to invest in Artificial Intelligence and machine learning over the next 12 months.

Educating Employees

A tool is only as good as the person using it. The same is true for security measures as well. Phishing and social engineering are often used and surprisingly effective methods of data breach.  Educating each employee (especially the store staff) on the best practices in terms of security that they must adhere to will significantly bring down the vulnerability any business faces. This is especially true of the omnichannel environment that most businesses work on with a myriad of different devices being connected to any network, including mobile devices both personal and official, tablets, laptops, beacons etc. Each employee must be aware of the risks involved and trained on detecting suspicious, fraudulent behaviour.

Maintaining Control

Having a detailed view of all data streams in an omnichannel environment is paramount for data security. Like stated above, maintaining detailed logs would also help you to detect and prevent attacks. Since a lot of the tools businesses use today are hosted on the cloud, these applications may also have access to sensitive data. It’s important to monitor such third party applications as well and ensure they have effective security measures in place. It also helps to create tighter access controls such as granular role-based access controls which will only allow access to the information a particular employee or application requires at the time and no more, could improve security drastically. Stringent security models such as Forrester’s “Zero Trust” which always verifies all entities within and outside a network before allowing access could give businesses immense control over their data.

Surpassing Compliance

Compliance with security standards such as PCI-DSS, ISO, HIPAA etc. may already be the top priority for many retailers, but it’s important to note that one must not build their security program by just completing checklists to fulfil the terms required. Remember that these standards are the minimum requirements that need to be maintained. Organisations should also follow a holistic approach towards security to ensure there aren’t any gaps that are left unprotected.

How Apple Passbook affects your Loyalty Program

How Apple Passbook affects your Loyalty Program

When Apple announced its new Passbook feature with the new iPhone5 and iOS6, it was obvious that it was going to have an unprecedented impact on the way loyalty programs and mobile phones play together, especially considering the sheer scale of the Apple iPhone/iOS universe.

The One Passbook To Rule Them All: Apple has created a central repository where all of a customer’s loyalty cards, tickets, and boarding passes can reside, and make it very easy to find them, and use them at the cash registers. The Passbook is not a stored value card – and Apple has not followed Google and others on the NFC Bandwagon. This could be due to security flaws found in most NFC implementations, but also for the additional complexity of hardware that can read NFC. Basic information is available on the front of the passbook, but more information can be seen on the back by tapping the information button. Terms and Conditions can also be maintained and accessed easily.

Loyalty Cards: Your Customers can now download your own loyalty cards from a link they receive from any mode of communication (Email, Text, Social) right onto their iPhone. The layout of the card can be customized based on Apple’s specifications, including the pictures, colors, and the fields that are shown on the front and the back.

Coupons and Offers: Individual Passbook cards can also be created for Coupons and Special Offers/Gift Cards apart from Loyalty Points. The same can be downloaded from a link, and redeemed through a barcode or QR Code.

Push Notifications: Once downloaded, points and other details can be updated through push notifications enabling far greater engagement – the moment a customer gets more points, they will get a notification, and they even view updated information about their program, or get a notification when there’s an offer for them etc.

Geo-Fencing: Passbook automatically maintains a set of locations most relevant to a particular card, and it surfaces up when you cross one of those locations. This virtual location awareness is called “geo-fencing” – and is become quite popular as a way to excite customers to come into the stores with special offers when they are around. Due to the prevalence of iPhone, it is expected that Passbook could easily be the most common geo-fencing application.

Unprecedented Engagement: Most retail mobile applications see far less engagement than we would like – and Passbook will change that. It is automatically available for all iOS 6 (iPhone 3GS and above). The fact that there are an estimated 7 Million iPhone devices active in the U.S. alone will have a tremendous impact on its adoption and engagement.

The obvious implications for retailers is that, the now quintessential iPhone will evolve into a key component of their loyalty/customer engagement strategy. This strategy will be driven by ‘Social’, ‘Local’ and with the last mile delivery, over ‘Mobile’ – and the prevalence of the iPhone will mean that this will happen at a scale not seen before.

Apple Passbook integration is already available with Capillary at no additional cost.

Customer Engagement : Dawn of the Personalisation Era

Customer Engagement : Dawn of the Personalisation Era

Segmentation is not a new concept to retailers. Looking into the analytics framework which has been developed over time, segmentation was traditionally one of the easiest ways to target customers. Ever since the birth of commerce, every retailer has been segmenting his customers based on their gender, class, purchasing power etc. Analytics and segmentation were simply regarded as ‘experience’, ‘trader’s instinct’ or simply ‘gut feeling’. However, with the rapidly changing customer psyche, mere segmentation is not enough. To meet this challenge, statisticians started segregating customers into groups based on multiple dimensions or as it is formally known – micro-segmentation.

Retailers worldwide observed that the response rates for mass campaigns have consistently been very low. Due to this, they revisited the customer databases and started campaigns targeted toward micro-segmented customer pools. India is a 1.2 billion strong country with an intricate mix of cultures and taste, and with the number of options available in market today, the one-shoe-fits-all theory cannot sustain among such diversity. New expectations from customers can be met by providing an offer which is suitable to them and makes them feel special, which can be made possible using micro-segmentation.

In international markets, large retailers have already made headway using micro-segmentation. Retail major Tesco has started dividing its customer pool into 5000 micro-segments with 250,000 personalized offers to target them with. Every retailer has experienced very high returns on micro-segmented campaigns, primarily due to personalisation. It requires minimal investment when compared to other operational investments. To arrive at such high number of micro-segments, it is necessary to validate those segments while drilling down from 3 or 4 segments to 1000-fold more. This is not a one step process, in fact, it is required that it be proceeded in an experimental manner validating each level of drill down.

Marketing has always been an expensive proposition; the marketing managers are finding it very hard with each passing day to justify the cost of marketing and its impact on the business. Print, electronic, OOH – There is a massive clutter across all media which demands a bombardment to get the message through, be it ATL or BTL. On the other hand, micro-segmented campaigns allow the managers to validate each activity and garner profit from each one of them. With any plain vanilla offer, we have observed a response rate of 1.46%, which increases to 2.58% when the activities are personalized and sent to the right customers. Response rate can also go up to 25% based on the number of micro-segments, segment characteristics and design of the offers to that particular segment. Most of the time, running micro-segmented life cycle based campaigns along with loyalty rewards can increase the topline sales by 5 – 10%. Simply put, it’s all about “the right offer to the right customer at the right time”. Due to this, micro-segmentation (personalisation) can also create word of mouth as similar to ATL, but for a lot less money.

Recently, a popular F&B brand who is also a Capillary customer, adopted the next generation of customer engagement solutions for their home delivery business in India. In a complete, end-to-end approach, Capillary Technologies designed separate lifecycle journeys for the different customer type. Based on the available customer data, specific offers were then created for each micro-segment which suited the customer’s taste as well as the purchase behavior. For example, within the ‘Golden Pool Premium’ customer segment, the customers were given a ‘non-aggressive offer’ which has standard discounts and offers which are suitable to the customer’s taste or benefits (in-store promotions) and a customer which is in ‘High Value Explorer’ segment will be given an ‘aggressive offer’ with more benefits if a purchase is made.

Capillary then clustered the customers based on their behavioral indicator such as preferred day and time for ordering – weekday or weekend, lunch or dinner, customer spend etc. and use these to trigger the campaigns. This enabled the F&B client to reach out to the customer when they are most receptive to these offers and therefore increase the acceptability of the offer. For example, using micro-segmentation, Capillary identifies that a particular family of 4 members, often calls on Saturday afternoons to order the food. Using this information, the system can identify the right offer and send an SMS to them on Friday evening or Saturday e.g. Dear Mary, Enjoy your Saturday afternoon with your “favorite food”. Your voucher code is ASD313. Call at xxxxxxxx to place your order now. Within days of the launch, we witnessed a phenomenal increase in the hit-rate across all micro-segments. Customers also found these campaigns accurately relevant and thus responded to each campaign favourably.

Though micro-segmentation is a powerful tool, it also relies on some factors to produce the best results. Ideally, the volume of customer data should be huge. Large data allows the customers to be micro-segmented in a much deeper level, thus increasing the level of accuracy. The diversity of the customer pool also plays a crucial role, varied cultures and characteristics define the different segments much better. The right time to micro-segment is when the market is saturated or retailer is losing to the competitors. These are clear indicators that the customer is asking for a “differentiation” and the campaign response rates are not favorable, thus creating the need to micro-segment and reassess the marketing activities.

It will also help the retailer to identify the right offer from the pool of offers and personalize them as per customer needs. Moreover, it increases the customer retention with a visible rise in the repeat business. Micro-segmentation, when done correctly, can increase the brand loyalty manifolds, within a short period of time, truly bringing the retailer to the next stage of retail evolution – The Personalisation Era.