In the run-up to Christmas, there are so many shops and deals on offer that it can be difficult for consumers to decide who to shop from. Convenience quickly becomes the first priority; it's no surprise that online shopping has become a huge resource for many Christmas shoppers. In fact, shoppers spent a record-breaking £3.3 billion online over the Black Friday weekend this year – shunning the high street in favour of shopping from home.

According to The Centre for Retail Research (CRR) online shopping accounted for almost a quarter of Christmas spending in 2014. Much of this shopping activity was click & collect, CRR claims, but the convenience and speed of mobile purchases are also becoming indispensable for Christmas shoppers. Retailer John Lewis saw over 360 million downloads of its shopping application over the Christmas period last year, and 75% of their Christmas Day web traffic came from phones and tablets. However, the influx of consumer information, stored and processed online, has left retailers as a prime target for hacks and data breaches during the Christmas period.

Although retailers are rightly focused on their sales during the season, their applications and technologies are being used to identify and target their consumers' personal data. With so many sites and services for consumers to register with, digital identities are increasingly becoming targeted. There has been an increase in spam and phishing emails, for example, and crime groups have made fake copies of popular shopping apps in order to steal payment-card data.

Every time a consumer registers with a site, they leave yet another 'footprint' linked to their identity – increasing the likelihood that someone can gain access to their personal information, if it's not protected properly.

Control, security, privacy

The convenience versus security question continues to be a conundrum. However, this doesn't have to be the case.

Retailers need to shift the conversation with customers about data to one of control versus simply just security and privacy.

Yes, retailers need to take measures to ensure their networks and infrastructure are protected from hackers and fraudsters. Though they also need to educate their customers on how to take control over what type of data is shared and to whom.

Keeping customers safe online

Although many consumers are turning to their devices for Christmas shopping, there are still some lingering concerns about sharing their details online. Above all, consumers want to be assured that whoever is selling them products and goods is legitimate, reliable and not a person or company phishing for data to exploit.

By providing an alternate way to log-in to an app or make a payment, mobile authentication services allow consumers to take back control. Mobile authentication services are based on secure network assets, including the SIM, which provides optimum security. Consumers can store their payment cards or accounts on the mobile authentication service, and can confirm their identity and verify a sale through their mobile without further input. Personal information is never shared without the user's explicit permission – providing transparency between service provider and consumer. They can also be assured that authentication and verification is based on robust and trusted data held by the operators for their subscriber database.

These services can also be used to form fill data automatically, helping to combat the consumer fatigue of registering with "yet another site" in order to transact.

Additionally, adopting second factor authentication services can also benefit smaller retailers, by reassuring the customer that the sale is legitimate.

For example, the Mobile Connect Service Mark allows small businesses to show customers that it is a trusted service from mobile operators, who take trust and security seriously. As such, customers can use their services with confidence, knowing privacy and security is adhered to.

Keeping customer data safe in practice

There are several key points that all retailers should adhere to for securing customer data in the busy Christmas season. Firstly, it is vital that information gathering is kept relevant and as minimal as possible.

  • Limit the type of personal data shared: An individual's date of birth is often useful for hackers looking to break into additional accounts. If retailers are selling a product online that requires proof of age, confirming that the buyer is over 18 is enough to authorise the sale. With second-factor authentication, the retailer can verify the consumer's age through the mobile network, which will already have a record. The retailer can then trust that the consumer is over age, without having to store that valuable information themselves.
  • Limiting fraudsters' options: Often fraudsters will target less secure sites, like a local retailer, for example, in order to steal a consumer's username and password details, which can then be used to break into other accounts. Retailers should look to implement systems that render username/password theft useless, such as by enabling higher factor authentication through mobile.
  • Identifying fraud: Retailers can also rely on mobile authentication to protect themselves and their reputation. For example, retailers can use the mobile operator's network to confirm that the phone and user is actually in another country, or confirm that the card being used is at same location as the consumer's phone. This means fewer opportunities for fraudulent transactions to be processed, and more peace of mind for their customers.

Securing the physical store

Retailers are always looking for ways to make the Christmas shopping experience more manageable for their consumers. From increasing staff over the Christmas period, to streamlining click & collect services, retailers are answering the demands of an increasingly fast-paced digital population.

Integrating online services and brick and mortar is the next step, with many retailers working to create a seamless omnichannel experience. Mobile also has a part to play in store, with new payment methods such as Apple Pay on board to reduce friction and convert impulse buys.

As mobile handsets become more prevalent as a tool for retailers, they can also provide an additional layer of security to protect customer data. The GSMA's Mobile Connect authentication service uses the mobile operators' network to prove that the customer is really who they say they are – providing both consumers and retailers with an additional layer of security for transactions.

For the many retailers who look to promote impulse buys heavily during the season, speed and convenience is vital. A mobile-based authentication service makes an instant sale possible and secure, providing all payment and customer information immediately so there is nothing holding the customer back from that impulse purchase.

Next steps

Security is always a concern for retailers, and it's vital it is not forgotten in the busy Christmas period.

Retailers simply can't sacrifice the convenient services their customers have come to expect, but what they can do is ensure that they have a robust security systems and processes in place which protect and give control back to their customers, without inconveniencing them.

Mobile authentication services are one answer to this issue, keeping data secure and giving customers, and retailers more control and a stress free Christmas.

Over the coming months, representatives from the GSMA will be writing exclusive commentary for Essential Retail, looking at how the latest mobile tech innovations are impacting retail.

Click below for more information:

GSMA