Mobility in retail industry: main security challenges and prospectsThis is an original guest post by Roger Hockaday (picture below and bio at the end of this piece), Aruba Networks. Aruba’s Atmosphere Corporate blog is dedicated to mobile devices. Aruba Networks is a leading provider of next-generation network access solutions for the mobile enterprise
Risk and Reward: Tablets and Smartphones in Secure Retail
Mobility in retail industry
They present a disruptive technology and provide an opportunity to innovate both front-of-store and back-of-store operations, yet they also introduce new security risks if their adoption is not properly developed.
The iPad, Android tablets (large and small) and iPod Touches or smartphones are altering the retail experience around the world. Retailers are the midst of a point-of-sale (PoS) transformation from terminals to smartphones and tablets. In fact, many retailers have started embracing them as best practice and, according to a recent poll (Aruba Networks 2012 Retail Survey), 56% of retailers plan to use iPads for Point of Sale in the next two years.
Sales executives in car showrooms use tablets to engage better with prospective customers, remaining by the car to access colour charts, model specification and instantly check stock levels without having to return to their desk. One well known US department store identified the challenge of walk-away customers in the shoe department as sales associates went to bring stock to the customers. The retailer justified the costs associated with the use of tablets by sales assistants simply to prevent customer walk-away as the assistant could now check stock levels, order shoes to be brought onto the sales floor, or offer alternates should the first choice item be unavailable, all while remaining with the customer.
To enable the use of tablets and smartphones in retail it is of course necessary to deploy in-store wireless (more than 50% of retailers surveyed intend this) but this requires a significant overhaul of the legacy networks first put into stores just to facilitate back-office functions such as stock-checking.
The last few years have already seen wireless networks extend onto the sales floor to support Point-of-Sale (hence the need to meet Payment Card Industry standards to protect cardholder and authentication data), but it is a more challenging proposition to support tablets for sales assistants, and even more to offer hotspot services to shoppers (as planned by 37% of retailers by the end of 2014).
In-store wireless enables a new set of mobile applications to allow retailers to engage even further with customers; applications that can push information to customer smartphones and iPads as they walk in the door enabling them to download rich content when and where they want. Combined with store associates empowered to access stock data and process transactions with tablets, it all adds up to an outstanding customer experience.
The challenge is how to manage this expansion of devices, users and applications on the retail network.
Front-of-store wireless requires pervasive coverage (there’s no secret to making a wireless network that works; good coverage combined with proven RF management tools and a management platform that provides real time visibility into the coverage, device location and application performance). The ‘secret sauce’ for retailers is the choice of platform used to manage the discovery of devices on the network, the provisioning of large numbers of devices and users without overwhelming the IT department, the ability deliver guest access with advertising, and delivery of context-based / role based connectivity.
While the cardholder associations of PCI (PCI standing for Payment Card Industry, with companies such as AMEX, VISA and MasterCard) require different levels of compliance based on transaction volumes, the use of Wi-Fi in an organisation brings a layer of requirements that the retailer must comply with.
Role-based access (as required in PCI DSS) can be as simple as separating employees from customers (or guests). However, in order to provide a more flexible infrastructure it is more logical to create roles based not just on the person (employee, manager, customer), but also the device (iPad, smartphone, handheld scanner), the location (retail outlet, hotspot, corporate office), and application (PoS, database, Internet access). This more holistic approach – one that understands the context in which the network is being used will ultimately provide a more flexible and efficient wireless network than one that simply separates employees from customers.
Security, capacity and flexibility will become the watch-words of the next generation in-store networks. Security to comply with the needs of PCI DSS, capacity to meet the needs of employees and customers using tablets and smartphones, and flexibility to cope with the new applications and rapid changes needed to work in a competitive environment. Tomorrow’s retail network will be very different to yesterdays.
- the Aruba Networks retail survey with full results at http://bit.ly/arubaretail
- using Wifi security on mobile phones and devices
- my report on Kaspersky’s statement about mobile crime at MWC
- Kate Bourdet’s own wrap up of mobile security at MWC
- an interview with Roger Hockaday at IP EXPO ONLINE
about the author
Roger Hockaday is Director of Marketing, Aruba Networks, EMEA. A former executive of Alcatel, Infoblox and Packeteer he is currently responsible for developing end user opportunities and channels to Market definition in B2B and B2C - The very notion of "market" is at the heart of any marketing approach. A market can be defined... in the secure government communications sector across EMEA for Aruba Networks.