In a post-Equifax world, the act of shopping takes some measure of bravery and trust, especially online. Customers click a send button, and whoosh! — off go the name, address and payment details into the mystical cyber beyond.
Last year’s widely publicized hack into the credit reporting bureau left millions of consumers vulnerable to identity theft, thrusting the payments security issue into the spotlight. Not that the breach was anything new — attacks on Target, Home Depot, Michaels and other big-box stores have marred the retail security landscape for years.
The scenario can rattle consumers’ nerves and expose retailers to a greater risk of fraud. That’s no small affair. According to the latest Kroll Annual Global Fraud & Risk Report, 89 percent of executives from retail, wholesale and distribution companies worldwide reported fraud last year.
“You’re willing to give your credit card data or do field transactions when you go to a store, or any place that accepts the credit cards stored on your phone, and yet that is directly accessing your account data,” said Ari Weil, vice president of product and Industry Marketing at Akamai, a content delivery network and cloud services provider that has been paying particular attention to retail traffic. “It could be a scraper, somebody taking your credit card information to perform fraud. And yet, you’re trusting all of that — you’re not even thinking twice about it.”
To mitigate the risks for consumers and stores, creative solutions have been cropping up to secure payments and more.
Hypr uses blockchain as a decentralized way to safeguard authentication or customer logins, ensuring that no single organization acts a single target for hacking.
“It’s, like, every week or every month there’s a big security breach plastered all over the headlines, and you think to yourself, what is the thing that is common across all of these breaches?” said George Avetisov, Hypr’s chief executive officer. “You hear about millions of passwords and millions of user credentials getting stolen. And you say, ‘What is the common theme across all of these companies and all these security breaches?’ It’s centralization. All these enterprises are centralizing the storage of personal data like biometrics, pins, passwords, credit card numbers — and when you centralize that data, you create a really high-risk, juicy target for hackers.”
With blockchain, every member or participating organization in a network holds everyone’s data, but only the user has the key to unlock it.
Avetisov’s company just revealed a new partnership with Samsung Pass, the tech giant’s identity management arm. The deal brings biometric authentication — think eye-scanning features on phones — to employee logins for workstations.
Shopin also uses blockchain to create decentralized universal shopper and payment profiles. Its concept: If no single company owns the data, then an e-commerce giant can’t have the competitive edge over other retailers.
“While it’s amazing [for brands] to be on Amazon, because the sales increase, there’s a hidden story,” said Eran Eyal, Shopin’s ceo and cofounder. “Ten percent of the world’s commerce is run by Amazon’s recommendation bot.… It’s scary when one company owns [that much] data.” The company’s solution allows retailers of all sizes to plug into its universal shopper profiles to offer product recommendations and secure transactions. The company also offers a form of cryptocurrency that allows stores to offer loyalty rewards based on purchase data that’s owned and controlled by shoppers.
Token’s decentralized approach differs. The company safeguards payment info by creating fake alter egos for credit card numbers that can be used online or over the phone. But the tokens must be accepted and authenticated through the company itself, as well as the merchant services or credit card processor, and ultimately the main financial institution. In this way, no single company, not even Token itself, can unlock the payment data on their own.
The principle philosophy behind Token is “if you don’t want your data stolen, don’t share it to begin with,” said Zohar Steinberg, the company’s founder and chief executive officer. “It’s not just security — it’s also quality of life. Consumers don’t have to be concerned anymore.”