Hack Friday?

by Mark Rowe

Guillaume Desnoes, Head of European Markets at password management product company Dashlane, looks at the security challenges on what is hailed as the busiest online shopping day of the year, and at how retailers can turn it to their advantage.

Black Friday has become one of the busiest online shopping days of the year, if not the busiest. What started as a Thanksgiving hangover trend has become a global phenomenon with consumers from all over the globe logging on to their favourite retailers’ sites and hunting out pre-Christmas bargains. Last year, it was estimated that over £800 million was spent on Black Friday in the UK alone. John Lewis has stated that last year’s Black Friday was its biggest shopping day of the year and it expects 2015 to be even busier. It has had such an impact that even some of the biggest retailers in the country are stepping away from it, as it causes so much “fatigue”.

Despite something of a backlash, it would be hugely surprising if last year’s records are not smashed with so many bargains to be had. Understandably, many brands look forward to this day, as it is one of the most lucrative in the retail calendar. However, they are not the only ones rubbing their hands together with glee at the prospect.

Over the past few years, hackers and cyber criminals have become increasingly sophisticated at gaining access to sensitive data and information, stored by brands and organisations. You just have to look at some of the most high-profile hacks of recent months to see how serious this is. TalkTalk, British Airways and even Ashley Madison spring immediately to mind as examples of where consumers’ personal details have fallen into the wrong hands. When you bear in mind that 90 percent of online data has been produced in the last two years, combined with the amount of information that is submitted on Black Friday, you can see why it’s not only e-commerce specialists who are gearing up for a big day at the end of this week.

But brands are savvy to this, right? Steps have certainly been taken to safeguard consumers’ privacy, which is encouraging to see, but undoubtedly more needs to be done. Recent research has revealed how online retailers are making consumers vulnerable to external threats by persisting with lax security and password policies. Analysis of the top 25 online retailers in the UK discovered that 80 percent of sites did not meet the minimum secure password threshold and the same proportion still do not require passwords with a capital letter and a number/symbol. In fact, 16 percent of sites accept the ten most common passwords, including “password” – in short, a hacker’s dream. Just to give context of how easy it can be for hackers, an eight-digit numeric password has 100,000,000 different permutations. That may sound like a fair amount, but it only takes a computer three minutes to crack this. However, a password made up of eight alphanumeric case-sensitive characters has 218,340,105,584,896 potential options and takes 14 years to find.

Naturally, the obvious reaction is “how am I meant to remember one password made up of random letters and numbers for one account, let alone several?” (It’s estimated that the average UK consumer has 87 password-protected online accounts). This is where password managers come in. They have been designed to enable people to have complex, alphanumeric passwords without having to write them down.

And this is where the opportunity lies for retailers. The shift to greater security doesn’t have to be a hugely expensive, time-consuming project, which is going to distract them from the business of selling goods and providing excellent customer service. A few simple tweaks to password policy can lead to much greater peace of mind. And it provides the opportunity for retailers to communicate that they take customer data seriously and handle it securely. In the wake of the aforementioned high-profile breaches, consumers are more conscious than ever about giving up their personal details. For brands, demonstrating that they are determined not to let their customer base’s information fall into the wrong hands can now almost be seen as a differentiator – something all retailers are looking for as Black Friday looms.
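As an added illustration (not code from the article or from Dashlane), the sketch below applies the checks the research above measured at sign-up: minimum length, a capital letter, a number or symbol, and rejection of common passwords, and it reproduces the search-space figures quoted earlier. The eight-character minimum and every deny-list entry other than "password" are assumptions made for the example.

```python
import string

# Constructed sample deny-list: only "password" is named in the article.
# A real deployment would load a much larger list of breached passwords.
COMMON_PASSWORDS = {"password", "123456", "12345678", "qwerty", "letmein"}
MIN_LENGTH = 8  # assumed minimum; the article does not give the study's threshold

# Character pools used to estimate the brute-force search space.
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)


def keyspace(password):
    """Number of candidates an exhaustive search must cover, assuming the
    attacker tries every string of this length over the pools in use."""
    alphabet = sum(len(pool) for pool in POOLS
                   if any(c in pool for c in password))
    return alphabet ** len(password)


def policy_violations(password):
    """Return the list of policy rules the password breaks (empty = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c in string.ascii_uppercase for c in password):
        problems.append("no capital letter")
    if not any(c in string.digits + string.punctuation for c in password):
        problems.append("no number or symbol")
    # Deny-list check is case-insensitive so "Password" is caught as well.
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    return problems


if __name__ == "__main__":
    for candidate in ("password", "12345678", "aB3dE6gH", "Tr4ctor-Lamp-92"):
        print(candidate, keyspace(candidate),
              policy_violations(candidate) or "accepted")
```

Note that "12345678" has the full 100,000,000-candidate search space yet is rejected by the deny-list, which is why the common-password check matters independently of length and character rules.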

It is naturally encouraging to see positive password security trends emerge in the world of e-commerce. Yet, while retailers are moving in the right direction, work remains to be done. Given that it’s 2015, no website, regardless of how large or small it is, really has an excuse for not implementing security policies that will better secure its users, as well as maintain the integrity of the brand by protecting the company from malicious attacks. As Black Friday looms, retailers have the golden opportunity to kill two birds with one stone – strengthen their own security, and communicate to the masses that they treat their consumers’ information with the respect and care it deserves.
