There are a few January staples that, like Christmas, come around every year.
The bleary return to work, the 1 January diet that lasts only until February, or the vow to stay away from alcohol – for a while anyway. It’s also the time of year when we get to see how successful the retailers have been in parting us from our hard-earned cash over the ever-lengthening festive period. One thing is already clear, store performance has not been great, with even the stalwart Christmas champion, Next, failing to set the high street alight. However, the positive is that most retailers are reporting an upsurge in online sales.
That digital shopping keeps increasing is good news for the retailers. However, it is becoming more and more dangerous for consumers. Who should be taking responsibility for the safety of online shopping?
The retailers did well out of the likes of Black Friday and Cyber Monday, which boosted annual sales to record levels. Of course, sales initiatives like these also allow retailers to increase their collection of personal data, offering a window to the lives of their customers and their buying habits. So, should consumers have alarm bells ringing in their ears?
The various touch points for data transfer to retailers are now quite staggering – from store loyalty cards to more covert monitoring such as using the GPS signal on our mobile phones to monitor which aisles we spend most time in at the supermarket. It’s become all too easy for us to be parted from our personal data, often without realising it. What makes this trend more worrying is how we often rely on the same information as “keys” to access our bank accounts and other private aspects of our lives.
So while retailers will undoubtedly want our data for their own legitimate commercial purposes, cyber criminals are also on the lookout for it too. Personal data is big business on the black market and worth a fortune in the wrong hands – increasing the risks of conducting business on line.
Perhaps most surprising, then, is that the risks we need to be alert to but regularly miss are not new. Many will be familiar to consumers. It’s the new ways that technology allows them to manifest that often catches us unawares.
Crime is a good example. There are now frequent, almost daily reports of retailers’ websites coming under attack from cyber criminals. Such encounters are generally followed by social-engineering scams, in which fraudsters use stolen data to impersonate retailers, win customers’ confidence and then trick them into transferring money into fake bank accounts.
Retailers undoubtedly have a part to play to keep us safe when harvesting our personal information. They are obliged to take all technically appropriate steps to protect us but, worryingly, the law doesn’t specify what “appropriate” means. The rationale for this is it allows companies flexibility to decide, but increasingly this approach is being shown to be flawed. The regularity of data theft tells us so. Inconsistency and uncertainty is the result. For retailers this has to be a serious concern for the boardroom; get it wrong and significant reputational damage and liabilities will be lurking around the corner.
The bottom line, though, is that consumers have also got to start taking more responsibility for the protection of their digital assets. It’s a two-way street. More care about to whom they give their personal information and the purposes for which they agree it can be used is the place to start.
Ensuring that internet security systems on PCs and smart devices are up to date, while also being more alert to decoy websites set up by fraudsters are important basic measures. Only through taking such steps routinely themselves do consumers stand a chance of keeping the criminals in check.
The battle cannot be won by retailers on their own.
• Seonaid Busby is a partner specialising in insurance at Weightmans (Scotland) LLP