Retail Cybersecurity Trend 8: Mobile App Purchases

November is Retail Privacy Month

Back in 2017, Rich Jones, head of product and UX at Asos, said, “we need to build experiences that capitalize on mobile. We’re designing experiences that are essentially right for the customers’ devices because their entire lives are here. How do we make sure our experience matches that?” Getting 58% of customers to buy on the app, Asos is an example of a mobile app success story.

But Asos isn’t the only retailer that uses mobile apps to manage and increase purchases. The mobile app is one of the biggest changes in our digital age. Customers can access products more easily and it unifies online and in-store shopping experiences. Easier browsing means easier buying.

Mobile apps also help with your marketing strategies, as you can access data that allows you to customize shopping experiences. Automated customer service can also be integrated, making for a more streamlined system.

However, the great addition of the mobile app brings an increased risk of data breaches. An app lives on a person’s phone, meaning that it is always active. That makes it a vulnerability, so it can be difficult to ensure the app protects consumer information. How can you solve this? Your apps will need the following:

  • Secure code. Developers must ensure that there are no weaknesses in their code that hackers could exploit. Again, this is why you must regularly update your software, in case vulnerabilities are detected.
  • Privacy by Design and Security by Design, side by side, need to be implemented throughout the lifecycle of the mobile app.
  • Payment integrations must follow correct practices. PCI released these guidelines for a reason: to keep people safe.
  • Regulations on what data to collect. While data can be useful, the more you collect, the easier it is to breach – and the more tempting it becomes to the wrong people. Only collect information that is useful to you and will benefit your business.

Don’t let your mobile app be your downfall. When done well, it can be a great asset to your business. When done badly, it can be a security disaster. Here are some examples of what can go wrong:

  • A successfully exploited vulnerability in the app software, giving hackers a way into the customer’s phone and the information in many accounts, including their virtual wallet. Phone app vulnerabilities are not the same as the ones on your website. Also, your organization cannot control O/S updates, which can create more vulnerabilities.
  • Your organization is in the media and has to deal with privacy regulators because of a breach. An investigation into your organization’s privacy and security practices can be a big disruptor for your business and cut into your profits.
  • Advertising and pop-ups within the app are yet another attack surface, so your infosec/privacy teams need to double their efforts and work with marketing and the developers to make sure these are clean and don’t hinder the privacy of the potential customer.
  • And, yes, payments can go wrong, particularly on a phone app. This can generate the potential for fraud.

Can your organization prevent these risks? With the help of Managed Privacy Canada, there is no doubt. We have the expertise and experience, and we have developed best practices and documentation to help retailers thrive. Our approach to practical privacy begins with your free 20-minute consultation. For more information, visit

Facebook: @ManagedPrivacy
Instagram: @ManagedPrivacyCanada
Twitter: @ManagedPrivacy
