Retail Cybersecurity Trend 5: Memberships and Loyalty Programs

November is Retail Privacy Month

To attract customers and keep their loyalty, retailers create memberships and loyalty programs. These are great tools to create a sense of community. Some very innovative retailers were able to use such methods during the worst of the pandemic to allow people to come together in a safe way, however limited the numbers.

But such programs assume online accounts. Online accounts require credentials: an id and a password, at a minimum. Credentialing involves securing and verifying the authenticity of the person logging into the account. Inside these accounts, there are communication preferences, to ensure customer preferences are respected.

If a consumer uses the same set of credentials for several accounts and these are breached, the cyberhackers will use these credentials to unlock other accounts. When they can’t get to a direct source of money, they will use email phishing scams to impersonate the retailer.

In a previous blog, we mentioned that retailers can become “collateral damage”. Poorly managed online accounts are certainly high risk, for both the retailer and the consumers. The retail sector also has a role to play in helping the public keep themselves secure online.

Customers can be empowered through the provision of clear, easily understood, and easily implemented practical and sound advice to help them keep their online presence confidential and secure. Such guidance must also be consistent across all online platforms. It will help the public become less confused by cyber security and privacy advice if all retailers provide the same information and engage in the same good data handling practices.

In the case of the Internet of Things – consumer products connected to the internet – retailers are required to ensure products they sell are secure by design with passwords that are unique. This is a minimum to prevent access in the daisy chain of consumer data.

Any compromise the retailer suffers has to be communicated to the affected consumer, to allow them to change credentials or at a minimum passwords for other accounts that may be at risk of compromise.

Last but not least, retailer impersonation may happen, and consumers who do not expect it may fall for any number of fraudulent schemes. These can occur if, for example, the customer responded to a contest invitation or for some reason felt they could reasonably be contacted by the retailer for some sort of reward.

It is the retailer’s responsibility to keep open lines of communication and receive feedback promptly, as well as to communicate with the rest of the members and provide guidance on how to avoid being defrauded.

At Managed Privacy Canada, we have the expertise and experience, and we have developed best practices and documentation, to help retailers thrive.

✅ Our approach to practical privacy begins with your free 20-minute consultation. For more information, visit
✅ For privacy updates, follow us @ Managed Privacy Canada on LinkedIn

Facebook: @ManagedPrivacy
Instagram: @ManagedPrivacyCanada
Twitter: @ManagedPrivacy
