Download your copy of our State of Authorization: Playbook Edition Get it now »

Ten years after the Target breach: Why retailers need authorization as breaches persist

The retail industry is falling behind when it comes to cybersecurity. Retailers are worse off now ten years after the Target breach.

The holiday season is fast approaching. This brings an increase in sales for the retail industry as holiday sales represent 20 percent of annual sales across most industries, according to the National Retail Federation.

However, the retail industry is falling behind when it comes to cybersecurity. In fact, retailers are even worse off now than they were ten years ago when the Target breach happened.

The world has become complacent when it comes to breaches

Consumers don’t care as much anymore when breaches happen as they have accepted it as normal. Because of this, retailers have accepted breaches as a part of doing business and are taking advantage of this as a reason to deprioritize cybersecurity spending.

Retailers do not care about security as consumers don’t seem concerned about it. Plus, security doesn’t drive sales so why would retailers make this a priority?

Ten years ago at the time of the Target breach, retailers were concerned about brand damage, but that worry has dissipated as everyone accepts breaches as being standard. Not to mention, there are very few regulations about security in the retail industry, so there is no punishment when a breach happens.

But with the average cost of a breach for retailers being $3.28 million, the retail industry must make cybersecurity a priority.

Boost the brand experience with policy-driven authorization

Policy-driven authorization can add layers of verification in real-time to address gaps associated with focusing only on authentication, which can be the case for some retailers..

Not only does this improve security, but it can improve the overall customer experience.

When signing in on applications, consumers are often asked to bear the onus of improving security, through entering authentication codes (sometimes more than once) or other steps, but this breaks the customer experience and can be seen by customers as a hassle.

As a result, the customer may opt-out of that additional step, or abandon their purchase altogether.

By adding policies that run in real-time, retailers can make the access control process frictionless and secure. This is possible if retailers add policies into their application which can check if customers have bought with them before, if they are on a different device, run credit checks, etc. as it is basically looking to understand the risk and if the purchase is fraudulent.

But wait there’s more!

Policy-driven authorization can also help with brand consistency and role explosion.

Retailers require a  consistent brand experience, whether customers are online or in-store. Retailers don’t want customers’ experiences to be different whether they are in a location in Los Angeles or Stockholm.

So, why shouldn’t the level of security be the same between the application and one of their brick and mortar stores?

Not only does it help on the customer side, but it helps with roles that the employees have within applications. Role explosion is a problem many organizations face, but it is a particular issue impacting many global retailers with multiple franchise locations.

Policy-driven authorization can help with role explosion as it adds a fine-grained approach which removes the need to create roles to address specific situations. With policy-driven authorization, policies can be created to address multiple scenarios within roles without having to create new roles.

Plus, turnover for employees in the retail industry is high, so it is important that the correct people get access at the right time.

Policy-driven authorization in place all of these are possible.

Take the next step

As we gear up for the holiday season and the new year retailers need to look ahead and make changes to their security now for next year.

Request a demo with one of our solution experts to see how policy-driven authorization can boost your company’s cybersecurity and brand experience.


  Join us on LinkedIn for more insights
Archived under:
About the author

Jim Barkdoll is the president and CEO for Axiomatics, leading the company’s overall vision, growth strategy and go-to-market initiatives. He has more than 20 years of leadership and business development experience with an established track record of successfully growing teams and revenues for partners and vendors of all sizes.