L O C K T O N C O M P A N I E S , L L P

IBM has just published a report (Cyber Monday Report 2012) which compared online sales in the U.S. on ‘Cyber Monday’ 26th November this year compared to the same day last year.

It revealed that not only are online sales increasing - up 30.3% on 2011 – but that more and more people (18%) are using mobile devices such as their smartphones and tablets to shop. Sales via iPads accounted for 7% of online sales - up a staggering 205 percent on 2011, and purchases via mobile phones accounted for nearly 13 of the sales – an increase of more than 96% over 2011.

The New VogueMobile ‘electronic’ wallets are the new vogue, with a number of service providers, financial institutions and retailers fighting for a share of this market.

A few large players (such as Starbucks) have already adopted a mobile wallet payment system, while others are still sitting on the fence aware that this is a form of technology that they cannot afford to ignore, but are nervous about selecting the wrong system.

The benefits are clear, as mobile wallets offer a rich source of customer and transactional data that can be used for advertising, positioning and marketing purposes. On the flip side, mobile wallets are a complex proposition, which bring together a number of functions, services and support elements, and service providers need to be very careful about how they leverage the unprecedented flow of detailed customer data that mobile wallets generate. They also need to manage customer concern about how their data will be used and shared, as well as their vulnerability to privacy and security breaches. Another issue is who controls the data – as it originates from a number of sources.

With online sales set to soar this week, the Christmas shopping bonanza gathers pace and cyber criminals are preparing to ‘pick a mobile wallet or two’. In the past shoppers had to worry about pickpockets targeting their purse, today the risks are far greater, with criminals also targeting mobile wallets, social media and websites.

Ben BeesonPartner

Global Technology & Privacy Practice

+44 (0)20 7933 2857ben.beeson@uk.lockton.com

21st Century Fagin – The Risk of Cyber Pickpockets Lockton Global Technology & Privacy Risks Practice December 2012

December 2012 Lockton Global Technology & Privacy Risks Practice

Along with the opportunities come the risks.

Gartner (www.gartner.com/predicts) recently predicted that the cost of cybercrime will increase by 10 percent per annum through to 2016, in part driven by mobile devices and mobile-based apps. With increasing amounts of customer payment information being stored on mobile phones, they will increasingly be targeted by criminals, and there is the risk of transmission signals being intercepted between smartphones and retail terminals by thieves. In addition, there are privacy risks for retailers as they will be electronically tracking individual shoppers’ daily activities, the locations they visit and the purchases they make.

Retailer ProtectionSo how can retailers protect their business from the risks posed by mobile and online technology?

These risks involve people, processes and technology. First, they need robust online security systems that are constantly monitored for new risks and viruses – which emerge daily. It is also essential that their data breach response policies and procedures are in place and regularly updated and edited. Finally employees, particularly those with access to sensitive information must be trained.

Specialist stand alone cyber liability insurance should also be strongly considered. There are now products in the market that will not just insure the financial risks of a data breach or privacy violation but will also provide support in handling the breach. Speed is of the essence when a breach happens, and how the retailer responds can make or break its reputation. This form of innovative insurance gives access to a wide range of specialist legal counsel, reputation management, PR and IT auditing forensic experts as well as client information service providers, who can all swing into action as required.

Customer ProtectionWhat advice should retailers offer to their clients?

They should continue to urge them to only use sites of reputable retailers, use strong passwords and use credit cards and not debit cards to pay for goods, as these give direct access to bank account details.

An area of concern is still that most customers shop on their home computers or mobile devices which utilise web browsers that lack the latest security patches. This makes these devices a prime target for malicious viruses. Consumers also need to be warned that cyber criminals are increasingly using false coupons and incentives that include links to infected websites. Social media sites are also being targeted by these criminals and they are hiding infected links in wall postings, Tweets and You Tube clips.

Ultimately, online and increasingly mobile shopping is here to stay – but retailers and shoppers need to take the risks seriously, be prepared for a breach, and think before they click.

GTPPA division of Lockton Companies LLP. Authorised and regulated by the Financial Services Authority. A Lloyd’s brokerRegistered in England & Wales at The St Botolph Building, 138 Houndsditch, London, EC3A 7AG, Company No. OC353198LLP 913 - Dec 12www.lockton.com