Wireless in Retail: The Risks and Rewards

An RSR report identifies the dangers of wireless technologies (remember TJX's nightmare?) and offers three ways to ensure your company doesn't suffer a data loss during the holiday season.

Wireless is everywhere. You just can't see it. And that's one big problem for the retail industry, where wireless equipment in both the back rooms and show rooms are ever present today. But just how secure are they?

A new research report by Retail Systems Research (RSR) partner Steve Rowen details the growing dependence on wireless technologies and monumental risks posed by the new breed of devices. "In the store, wireless devices have made for enhanced consumer experience, better customer service and accurate, cost-effective transmission of transaction and inventory data," Rowen writes in the "Safe without Wires: The Value of Securing Wireless Technologies" report. "In the supply chain, particularly the distribution center, wireless technologies have proven incredibly valuable as well, helping convert data transmissions and operational events into highly efficient processes."

Rowen also describes the "polarizing paradox" found inside today's retailer: The massive pull from one side to provide enhanced customer service is challenged by the constant need to cut costs. "In order to differentiate themselves from competitors, retailers are also challenged to provide a heightened shopping experience to the time-starved, tech-savvy 21st century customer, while also satisfying shareholders," he writes. "All of this is to be achieved with a perennially limited technology budget."

As a result, Rowen maintains that retailers have changed their focus from technologies that only streamline efficiency to those that additionally address a higher order of needs. "Wireless is an ideal solution to meet such needs," he contends, "and increasingly becoming a means to do so at a manageable price point."

But all that advancement has come at a cost many retailers have discarded like the items on the clearance rack: wireless brings increased risk. One needs to look no further than the massive TJX Companies customer data breach that began when thieves targeted unsecured wireless price-checking devices at a Marshall's (which is one of TJX's businesses) clothing store Minnesota. That "back door" eventually led the thieves to TJX's central databases—and nearly 50 million credit and debit card numbers in 2005.

What's worse, Rowen says, is that those with motive and technological savvy "have identified retailers' lackadaisical treatment of data flow as a viable opportunity, extending well within the reach of highly organized crime factions," Rowen writes. "Theft of retailers' customer data is no longer just for 'hacks;' it has become very big business." And even though Rowen contends that the Payment Card Industry's Data Security Standard has pushed retailers to examine their security practices, a quick scan of the daily news ("Another Data Breach") shows that there's much more work to be done.

As you read his suggestions, note that none of Rowen's recommendations are explicitly about technology. That's a sign that retailers need to start talking about wireless security at all levels of the company.

First, elevate the conversation. "The most successful security programs are those which gain the interest of C-level executives—early on," he writes. "This process will slightly vary from one retailer to another, but is commonly bound by a joint presentation of the company's current—and needed—security status to the board of directors."

Next, speak the right language. "While compliance is the goal on which most retailers currently focus, decision makers and LOB [line of business] personnel do not care about technology. By focusing on business drivers, wireless proponents can speak the language needed to realize the benefits of secure wireless solutions," Rowen notes. "This can be accomplished by addressing benefits in productivity, benefits in customer service, benefits in marketing—a language based more on revenue generation than purely cost avoidance. The ability to attain a higher level of customer centricity will always be viewed with greater interest, and by speaking directly to this point, enables foresight beyond the technological or compliance goal line."

Lastly, set clear objectives in realistically achievable pieces. "Due to the need-based urgency to sure up existing technologies and meet industry mandate deadlines, there is no shortage of conversation and 'quick fix' solutions to the customer data security dilemma facing our industry," he writes. "However, winning retailers consistently demonstrate a calm and calculated approach, avoiding the fruitless hair-on-fire trap, steadily tackling one attainable goal at a time."

Copyright © 2007 IDG Communications, Inc.

Download CIO's Roadmap Report: 5G in the Enterprise