Buffeted by strong economic headwinds and hyper-competitive markets, retailers are looking to build closer ties with their customers. But by proactively using consumer data, your business risks exposing itself to data security and privacy threats. Customers may be demanding greater personalization, but they also want to be assured their personal and browsing information is handled in a secure, compliant and privacy-aware manner.
The link between retail customer data and personalized experiences
Consumers are increasingly demanding more personalized experiences from their favorite retailers. For example, according to research from BCG and Google, two-thirds of consumers want ads that are personalized to their interests. As technology improves, many retailers are investing in hyper-personalization to deliver specific messaging at the right time and place for maximum effect. According to BCG, companies can "increase their growth rates by 6% to 10%" by mastering personalization.
Retail customer data forms the foundational layer of these experiences. Personalization could be as simple as first-name recognition upon entering a website. It can also involve using artificial intelligence and near-real-time data to provide customers with relevant and timely content. This is done by matching facts known about the customer with the actions they take, plus data from the context of the interaction.
Customer concerns: Privacy vs. personalization
However, as more retail customer data is used to create these experiences, consumers are becoming more aware of the privacy and security implications. A PYMNTS survey found:
- 65% of online shoppers will end their relationship with a retailer after experiencing just one data theft or payment fraud incident
- 48% of shoppers are more concerned about data security risk now than before the pandemic
Research from Verizon found only 48% of consumers were comfortable sharing personal data with brands. Many felt they had no choice—24% of those who expressed discomfort or ambivalence feel there's no good alternative to sharing data.
This increased awareness of consumer privacy and retail data protection issues is reflected in industry trends. They include Apple's move to automatically opt iOS users out of app tracking and Google's decision to stop using third-party cookies in Chrome by 2024. Regulators are also active in this space: Cosmetics giant Sephora recently agreed to pay $1.2 million to settle a California Consumer Privacy Act case claiming it failed to disclose the sale of customers' personal information.
Retail data protection risks
Consumers are right to be concerned: 28% of respondents to a Verizon survey said a company had compromised, misused or shared their data without their consent in the past two years. The most common consequences were spam, identity theft, financial loss and reputation damage.
Retail was among the top seven sectors in terms of reported breaches analyzed in the Verizon 2022 Data Breach Investigations Report. Outsiders overwhelmingly commit attacks, and they're focused on financial gain, particularly by stealing credentials and personal and payment information.
Among the top retail data protection threats are:
- Phishing of employees, whose credentials attackers can use to steal retail customer data en masse
- Cloud vulnerabilities such as user misconfiguration, which can expose data stores to threat actors
- Third-party compromise, as happened during the Kaseya ransomware attack
- Digital skimming malware, which can be inserted into e-commerce payment pages to covertly harvest customers' card details
- Hybrid working, which has expanded retailers' corporate attack surface. According to the Verizon 2022 Mobile Security Index, 79% of organizations agree remote working has adversely affected their cyber security, and 45% have recently experienced a mobile-related compromise
Protecting retail customer data: How trust builds loyalty
A data breach can shatter customer trust, and it can impact your reputation and overall business success. Okta's The State of Digital Trust report found "trust in our digital world directly correlates to consumer purchase decisions." Three-quarters of Americans won't purchase from a digital brand they don't trust, while 47% will permanently stop using a company's services after a data breach.
Verizon research shows a clear link between trust and customer loyalty. This includes honesty and transparency about how a company collects and protects data. For example, 52% of consumers said they would continue dealing with a brand even after learning it had obtained data without their consent—as long as the brand acknowledged what it was doing.
To build and maintain loyalty, it's no longer enough to provide good products and a positive experience. Your organization must also show it can protect personal information.
How retailers can address security and privacy concerns
Retailers need to strike a balance between creating the personalized experiences consumers demand and respecting their rights to data protection and privacy, which are often enshrined in law. Failure to proactively address this challenge could not only erode trust but also result in data breaches or regulatory fines that can severely damage brand reputation.
Here are some steps your organization can take to enhance retail data protection and customer privacy:
- Consider adopting a Zero Trust Architecture. Leverage its three core principles: All entities are untrusted by default, least privilege access is enforced, and comprehensive security monitoring is implemented. With this approach of continuous verification you only provide access to users and devices that have reason to use each tool or system at that point in time.
- Enforce strong, unique passwords for all employees and multifactor authentication to protect accounts.
- Achieve continuous risk-based patching of all systems to reduce the attack surface
- Protect retail customer data at rest and in motion with strong encryption.
- Deploy robust, multilayered defenses across endpoints, network and cloud to prevent, detect and respond to threats.
- Work with third-party experts, including service providers to deploy and manage data protection efforts.
- Develop customer experience and personalization strategies that don't rely on third-party cookies.
- Be transparent and compliant in all customer data collection and use, and communicate these efforts clearly in a privacy policy.
- Make sure to train your teams to be vigilant and avoid social engineering (be it phishing, smishing, or vishing).
Discover how Verizon can help you meet your data protection and privacy obligations.
The author of this content is a paid contributor for Verizon.