Is your business utilising algorithmic processing?
A key trend to keep watch on is the increasing use of algorithmic processing. Such processing is becoming ubiquitous, popping up in all manner of scenarios including in loyalty card schemes, developing 'single customer view' programmes, targeted marketing (increasingly online and digital) and product placement, assessing eligibility for credit arrangements, and in recruitment. Algorithmic processing of biometric data in store locations, for instance for the purpose of automated facial recognition and pandemic related safety measures is also beginning to rise. It is essential to understand that whatever the use cases for algorithmic processing, the benefits should be understood and assessed alongside the risks. One only needs to consider the legal challenge brought over South Wales Police's use of automated facial recognition in shopping centres, or the English school exam results scandal and reversal of approach (both 2020) to understand that the media and public's awareness and perceptions of algorithmic processing is increasing and highly sceptical, leading to challenge except where the use of such processing is seen as fair, and flawlessly implemented.
Protecting your business, Cyber Security and Magecart
However, with every benefit comes challenge, and the switch to online sales has also provided a significant opportunity for criminals who seek to profit from crises. In light of the increased risk of cybercrime, retailers should be considering how confident they are in their ability to prevent, detect, and respond to a highly active and increasingly persistent and sophisticated cohort of cyber adversaries. When considering confidence in cyber defences, retailers must consider common cyber threats faced by the industry. For instance, retail is one of the most affected industries when it comes to online payment data theft and fraud, such as Magecart attacks. Magecart is the name given to a group of online criminals specialising in online card theft and data skimming from online payment forms. Magecart is also the name given to the malicious code they deploy on retail websites and payment pages, often via third party suppliers, to perform the attacks. In order to defend themselves against this, retailers must ensure they are performing regular checks and scans to make sure their website code remains secure (including third party provided code and apps) and that no malicious code has been included, particularly on payments pages.
With cyber-attacks on the rise it should be considered a matter of when, not if, an attack will come. As such, retailers must consider whether suitable measures are in place to detect and respond effectively to a cyber-attack and recover in the aftermath. Such measures might include cyber insurance coverage and access to professional help such as technical incident investigators and responders, legal specialists, and PR professionals.
If you have any questions or would like more information please contact Shervin Nahid, Associate or find out more about our Data Protection and Cyber Security team.