A Sense of Security

By George Anderson

Something is amiss. Those of us of an age to remember the old B-movie westerns know that it’s the good guy that wins and the bad guy that goes off to jail. Lately, however, it appears as though the bad guys may be finding crime does pay.

As a piece in The Providence Journal points out, TJX, Ross-Simons, CVS and now Stop & Shop have discovered security breaches that have put customers of those retail businesses at significant financial risk.

Two years ago, DSW Shoe Warehouse found that lapses in its computer system security led to the theft of 1.5 million consumer records. An investigation in that case found hackers had stolen credit, debit and checking account information from consumers in 25 states.

In the most recent case at Stop & Shop, thieves tampered with checkout touch pads at six stores in Rhode Island. The supermarket chain alerted the Rhode Island Attorney General’s office of its discover on Saturday and a hotline has been set up to answer customers’ questions. Stop & Shop has also posted information on its website.

Michael Healey, a spokesman for Attorney General Patrick C. Lynch, said, “It seems as though the thefts could be the result of a pretty organized criminal effort.”

Mark Lilien, a consultant with Retail Technology Group and a member of the RetailWire BrainTrust, said the Stop & Shop incident was not as sophisticated as previous electronic break-ins.

“It’s an awful lot of work to do for not a lot of money and the tremendous chance of getting caught,” Mr. Lilien said. “I’d be surprised if it was a significant amount of transactions.”

Discussion Question: To some, it may appear as though electronic systems have put consumers and companies at greater risk of theft than back in the cash and carry days. What is the current state of data security in retailing and what was your reaction when you heard the limited details released on the Stop & Shop case?

BrainTrust

Discussion Questions

Poll

5 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Joel Mincey
Joel Mincey
17 years ago

Data security is fast becoming the Achilles Heal of the retail industry. While convenience is important, it cannot come without security. Many of the systems retailers are using today are simple not secure enough.

The bottom line is that many will have to invest heavily in new and better systems (or they will have to invest in lawyers.)

Laura Davis-Taylor
Laura Davis-Taylor
17 years ago

This really is a critical issue, especially as we seek to deploy more and more “consumer technologies” in-store, such as interactive digital signage, one-to-one shopper tools and even RFID devices.

I read a Wired magazine article last year with interest that shared the blow-by-blow of a new genre of hacker that had figured out how to easily lift RFID data from chip to chip. They detailed the sixteen year old that used the chip in a block of cream cheese in a German grocery store to transfer data from his hotel room key…he then opened the room with the cream cheese! Rather scary.

I’m sure that the solutions to this issue aren’t easy but the more breaches we have, the more limiting our ability to help evolve shopper experiences with technology. Especially if they carry personal information.

Bernice Hurst
Bernice Hurst
17 years ago

Deterrents only deter the law-abiding. People willing to disregard the law and take their chances on getting caught (and convicted) don’t seem overly concerned by CCTV or other forms of surveillance. Perhaps they think the potential riches they can steal are worth the risk of punishment, assuming that they do get caught and can’t find some way of wriggling free. Prisons certainly don’t seem to stop criminals re-offending, at least not in the UK. This could be part of the reason why privacy fanatics (of which I consider myself one) keep getting exercised about being watched all the time and monitored by computers tracking our plastic expenditures. It isn’t only retailers who lose data and some of the losses are down to staff taking laptops with confidential information home and then “losing” the computers in one place or another. The wonders of the web are certainly not unmitigated.

Mark Lilien
Mark Lilien
17 years ago

Many supermarkets have closed circuit TV surveillance for the cashier area, so people tampering with pin pad units would be recorded.

Vahe Katros
Vahe Katros
17 years ago

The class action against TJX and the SOX rules on financial personal information security will keep auditors and lawyers busy. This is a boardroom issue; the leaks include WiFi and intranets and leaky CRM systems that were not designed for consumer level security.