- Retailers realize that information security needs more attention – 8 of 11 see increased leadership attention from two years ago, and 9 of 11 expect increased budgets over the next two years.
- They are making progress – all of the retail respondents indicated a slight (7 of 11) or a dramatic (4 of 11) improvement in their information security position from two years ago.
- However, they currently don’t have the information security organizational structure to address the changing landscape – only 2 of 11 have a CISO, 2 of 11 have a budget line item, 4 of the 11 have a security or risk committee and 5 of 11 use a standard set of metrics.
- Internal threats and mobility are top concerns – 6 of 11 respondents indicated mobility as their top technology concern. Internal threats were ranked the highest overall security threat with 5 of 11 ranking it #1.
- Retailers will be focused on employee education and using managed services to improve their security situation over the next two years.
IBM Center for Applied Insights
DAVID JARVIS 1000007UE6 firstname.lastname@example.org Tags:  security ciso retail security_leader 1,897 Visits
Special thanks to Geert Van De Putte and Tim Appleby from IBM Software Group for their help with this post.
Like other industries, retail has its own set of unique security challenges. Loss prevention is a significant component of that challenge. The latest National Retail Security Survey stated that in 2011, U.S. retailers lost $34.5 billion to retail theft – combining employee theft, shoplifting, paperwork errors and supplier fraud. That accounted for approximately 1.4 percent of total retail sales last year.
Today, the checkout/point of sale is the nexus for retail security. Here, the four most important flows for a retailer converge – cash, inventory, electronic payments and customer data. All sorts of different security incidents and fraud can happen at this point – self-checkout fraud, shoplifting, counterfeit coupons, employee theft and compliance in theft, and the theft of customer data through compromised equipment.
As the boundaries of retailers extend beyond the traditional brick and mortar of their stores, additional security concerns come into play. There is fraud around online ordering and home shipment, portal security issues for retailer websites, supply chain security associated with contamination, theft and low quality, and even stealing intellectual property (if retailers have their own private labels).
On top of all of this, retailers are also transforming their business with emerging technologies that all have their own unique security challenges. These include new payment technologies like mobile point-of-sale and in-aisle purchasing, e-receipts, RFID and near-field communications, video and social analytics, mobility and multi-channel access and social networking.
All of these are increasing the number of contact points between the customer and the retailer – pushing out the security boundary further and further. Retailers are struggling to create a better, deeper customer experience and, at the same time, mitigate the potential risks to the organization.
The threat landscape and new technologies are creating a need for an integrated security environment. Are retailers up to the task? Are they approaching physical and information security in new, united ways? Is loss prevention being included in more and more technology conversations? Are retailers moving away from being purely reactive?
We gained a bit of insight into this as part of the IBM 2012 CISO Assessment. There were eleven retail respondents from four different countries (France, Germany, Japan and the U.S.). Their answers compared to the overall statistics from the survey shed some light on the issues:
Another statistic that highlights the fact that retailers know the importance of information security but are struggling to address the changing technology environment comes from IBM’s Global Workforce Study. Overall, 49% of respondents stated that they have “completely addressed” their mobile security concern. For retail it was only 22%. However, 73% of retail respondents expect to make significant investments in their mobile environment in the next 1-2 years, signaling they know it is an issue.
Retailers are not only responsible for protecting their own information, but they are under considerable regulatory pressure to make sure they protect customer information as well. They are faced with a diverse array of threats and technologies that are creating new potential vulnerabilities. They need to have the right security organization and capabilities that unites information and physical security, risk, loss prevention and others into a holistic approach. Retailers realize this, but they still have a way to go before they’ll be confident in their capabilities.
Feel free to contribute to the conversation. Are these the right security challenges for retailers? Will it take more than just technology to address them? How do you think they are addressing this important issue today? Do retailers have a harder go at it than other industries because of the nature of their business? Let us know what you think.
Shubham Jain 270003FVPN email@example.com Tags:  network payments benefits uganda user airtel mobile m-pesa mtn experience ghana kenya interoperability agent money 1,997 Visits
Today, I’m going to take a different approach to, hopefully, give you a glimpse into how mobile money can change users’ experiences. This is an imaginative piece (all characters are fictitious) where I’ll try to highlight the concerns, joys and satisfaction of a mobile money user from the hinterlands of India in the year 2015. It highlights the importance of an effective and trained agent network, importance of sufficient face-time for new customers, interoperability issues, and benefits of mobile money for a typical user.
Today, I woke up late at 5 am, startled to already be a half hour behind schedule. My mobile phone in hand, I kept checking the time and rushed to get ready. I can’t afford to lose half a day’s wage, US$6, if I report late to work even by half an hour.
At work, Sultan, one of my best friends, asked me for a loan of US$15 which he needed to pay the school fees of his daughter. I checked my Airtel mobile money wallet balance and instantly transferred the amount to his mobile money wallet. For a nominal fee of 10 cents, it was worthwhile to help a friend.
Thinking back, I remember the last time I loaned Sultan US$10. I had to walk down 2 Kms to the nearest branch of State Bank of India to transfer money to his account. That was when we met Harpreet, the sales agent of BharatiAirtel mobile money services at the bank. He introduced us to the new mobile money services. Until then, I had a basic feature phone and could not understand much of technology or features of mobile money in the first go. Harpreet was patient; he explained the service, its features, its tie up with banks, charges and benefits for us for about 30 minutes. I was particularly wary of the notion of holding money in mobile – how secure could it be? What if I lose my phone/SIM or someone else makes use of PIN delivered to me? Harpreet demonstrated everything and explained it in detail to clear our apprehensions. This convinced both of us, me and Sultan, to subscribe to the service on our Airtel SIMs. He even gave us the contact details of two local agents in our locality who can help us cash-in and cash-out, as required.
The first few days in using this service were difficult. I forgot some of the steps of using various services; user interface of the application was not so convenient, etc. I remember approaching the local agent and was so relieved to see that he could help. He was very well trained and he helped me from time to time in using the services more efficiently. One challenge I faced in the beginning was that the agent used to run out of cash. This was a major let down for me and I had to walk a Km to get cash from another agent. Over the last two months, though, I feel the service has improved a lot.
Since then, I have been using this service quite frequently. I have used it to make recharges on my cell phone, make and receive money transfers to/from my friends, send money to my family, check bank account balance, withdraw and deposit cash at the agent and even pay my electricity bill. The list keeps on getting longer! Here again, the agent is proactive enough to let me know of the new services and discounts offered by the service providers.
For me, it’s a hand to mouth situation, given my meagre salary. I work in New Delhi but my family lives in a distant village in Orissa, more than 1000Kms from my place. With this service, I can transfer money to them on a real time basis and with minimal charges. Earlier, I used to transfer money through post office or hand it over to someone who would be travelling to my place. It took a few days for the money to arrive and I was charged about thrice as much. I am quite happy that this service enables me to send money to my family as and when they need it.
One challenge I faced initially, while transferring money to my family, was that my family was using the mobile services of Vodafone and Airtel was not allowing money transfers to non-Airtel subscribers. Sending remittance to my family constitutes 80% of my transactions and this was a major handicap for me. Either, I had to take the services of Vodafone or my family had to take the services of Airtel. Due to this, I was not able to transfer money to them for a couple of weeks. I consulted some of my friends and they advised a workaround solution they had been using. However, I was not convinced and instead, asked my family to take Airtel connection.
I have genuinely recommended this service to my fellow workers at the construction site and taken four of them to Harpreet to sign up for the services. For this, Harpreet gave me bonus talktime on my cell phone. It is a nice incentive for sharing my experience.
I finally got free from my work at 7 pm this evening and received my daily salary. I transferred the entire amount to my family since the monthly rent was due on their house.
Though it is tough for me to survive in this salary and work condition, mobile money has surely made the journey a bit simpler and convenient.
I look forward to your comments and observations. Please click “Add a Comment” below or “More Actions” to share this with others.
Shubham Jain 270003FVPN firstname.lastname@example.org Tags:  cgap kenya m-pesa mobile mmu interoperability gsma airtel mtn money wizzit bharti payments 2,488 Visits
Consultant, IBM Center for Applied Insights
In this post, I shall try to have a closer look at some of the important questions pertaining to interoperability: what do we mean by mobile money interoperability, what are the arguments for and against interoperability, and what practical steps can be taken to achieve it?
The mobile money industry has witnessed a remarkable activity in the recent years. There are more than 165 pilots in the mobile money segment in emerging economies, mostly being run by MNOs, banks and other financial institutions. It is now possible to find two or more deployments in many Sub-Saharan African and South Asian countries. Yet, only a very few of these deployments have been able to achieve significant scale. In a recent survey of 52 mobile money service providers, the GSM (Groupe Spéciale Mobile) Association identified 11 service providers that have more than 1 million registered customers. This has led many to make a case for implementation of interoperability in mobile money ecosystems so that customers are more inclined to use mobile money and the deployments can achieve scale by increased customer adoption. Let’s try to explore this important concept further.
Defining mobile money interoperability: Interoperability occurs if different systems are technically able to work together. For mobile money, interoperability can happen between handsets, networks, financial processes and retail processes etc. The Consultative Group to Assist the Poor. (CGAP) has proposed a framework that categorizes interoperability in three levels: platform, customer, and agent levels.
The debate around interoperability: Market participants and regulators have not reached a consensus about the need and benefits of interoperability. Some regulators believe that interoperability is the way to go as the market matures and operators try to scale up. For example, governments of Ghana and India have mandated interoperability in their countries. Some regulators have taken a neutral position and have allowed market forces to decide the course. The Bank of Zambia prefers, but has not mandated, that mobile money solutions be interoperable. It is encouraging interoperability through the development of a national switch. Others feel that interoperability will erode the competitive advantage of market leaders and its implementation may not result in sufficient addition in subscribers to justify the investment required. For example, a report by GSM (Groupe Spéciale Mobile) Association suggests that the business case for implementing interoperability is unlikely to justify the initial investments of implementing it.
How to achieve interoperability: Though industry leaders seem to agree that interoperability is a key issue, they have different views on how it can be achieved. There are two broad approaches to achieving interoperability:
With respect to the timing and extent of interoperability, maybe the real answer lies somewhere in between. The timing and extent of interoperability needs to be specific to the state of market and needs to be continuously assessed. A report by Mobile Money for the Unbanked (MMU), suggests some valuable recommendations:
Have you ever been blocked by interoperability issues? What steps are your companies taking? I look forward to your comments and observations. Please click “Add a Comment” below or “More Actions” to share this with others.