The gifts that keep on giving: Holiday retail authentication best practices

By Jim Taylor
December 20, 2021

As far as singers go, Andy Williams knew nothing about cybersecurity. For our sector, December is about as far away from “the most wonderful time of the year” as you can possibly get. Hackers love holidays: they disrupt security teams’ schedules, increase the volume of traffic and pressure on a system and ultimately expose vulnerabilities. Just last month, CISA shared a reminder noting that “malicious cyber actors [launch] serious and impactful ransomware attacks during holidays and weekends,” citing Independence Day and Mother’s Day as recent examples.

The holiday season will provide hackers with more time and opportunities to scam customers, tarnish businesses’ brands, steal intellectual property (IP), phish employees, expose businesses to GDPR violations and spread ransomware. Moreover, the fact that many new and lapsed users will begin using new services and devices — and likely request password resets in the process — will put additional strain on security teams.

Instead of Andy Williams, cybersecurity should look to Dr. Seuss, who knew to expect the Grinch on Christmas Eve. These best practices can help retail enterprise security leaders prepare for the high-stakes, high-pressure holidays:

Give users what they want — security and convenience

Every security team needs to balance security with convenience. That’s particularly urgent for retailers, who must remove as much friction as possible while still safeguarding customers’ information and protecting their accounts. Retailers also need to accommodate customers’ varying levels of comfort with technology; ensure that customers can authenticate using a range of devices and operating systems; and authenticate customers across all their channels — even if customers are offline. Finding this balance is challenging, but it’s absolutely essential to achieve as more of our lives play out online.

Going passwordless

The first step that retailers can take to create that balance is to minimize their biggest vulnerability and go passwordless. As a security measure, passwords are fundamentally flawed — the average user has around 100 passwords; two in three people use some form of the same password across multiple accounts, which can allow hackers to jump from one service to the next; and it takes less than a second to crack the most common passwords. Given these figures, it’s no surprise that, in 2020, 4 out of 5 hacking-related data breaches involved brute force or the use of weak or stolen passwords.

In addition to improving security, removing passwords is also good for retailers’ bottom lines. The rate of abandonment demonstrates that customers will walk away from a bad user experience or virtually any friction in the online shopping process: one report found that 57% of shoppers will abandon a site if they have to wait three seconds for the page to load. Long ago, passwords made some degree of sense when we were typing on full keyboards. But entering increasingly complex strings of numbers, letters and characters is much more challenging now on our phones. A recent report found that two-thirds of online shoppers lost interest in creating an account due to password requirements, and that nearly 40% of mobile users abandoned their cart when it became too difficult to enter their personal information.

Context matters

By integrating a variety of factors to establish trust, contextual authentication can verify that a user is who they claim to be more quickly, easily and safely than passwords can. Retailers can use a customer’s location, their IP address, the time that they’re making an access request, the device that they’re using and any number of other factors to inform this decision-making. They can also integrate external data — such as known IP addresses and breached emails — to increase or decrease their confidence.

Not every risk is created equal

Some access requests pose a greater degree of risk to your users and, by extension, to your business. Retailers should determine what requests or scenarios could pose the most harm to their business — an existing account logging in from a new device, changing a delivery address once an order has been submitted, submitting orders above a certain threshold, etc. Once you identify the scariest and likeliest incidents, begin using risk-based authentication to step up verification requests when the situation demands it. Contextual authentication factors can also inform risk-based authentication and train security systems to make smarter decisions about when to challenge users. The best solutions will use machine learning to continuously improve and automate access decisions in real time.
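
The contextual signals and high-risk scenarios described in the two sections above can be combined into a single step-up decision. The sketch below is an added example, not code from the author or from any authentication product; its field names, weights, thresholds and the "deny" outcome are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Weights, thresholds and field names are illustrative assumptions for this
# added example; they are not from the article or any vendor product.
ORDER_THRESHOLD = 500.00   # orders above this count as high-value
STEP_UP, DENY = 40, 80     # score cut-offs

@dataclass
class Request:
    action: str                      # "login" | "change_address" | "place_order"
    device_known: bool = True
    country: str = "US"
    usual_countries: frozenset = frozenset({"US"})
    hour: int = 14                   # local hour of the request, 0-23
    usual_hours: range = range(7, 23)
    ip_on_blocklist: bool = False    # external data: IP reputation feed
    email_in_breach: bool = False    # external data: breached-credential list
    order_total: float = 0.0
    order_submitted: bool = False

def risk_score(r: Request):
    """Return (score, reasons) so every decision can be logged and audited."""
    checks = [
        (not r.device_known, 40, "existing account on a new device"),
        (r.country not in r.usual_countries, 25, "unusual location"),
        (r.hour not in r.usual_hours, 10, "unusual time of day"),
        (r.ip_on_blocklist, 50, "IP address on reputation list"),
        (r.email_in_breach, 20, "email seen in breach data"),
        (r.action == "change_address" and r.order_submitted, 40,
         "delivery address change after order submitted"),
        (r.action == "place_order" and r.order_total > ORDER_THRESHOLD, 25,
         "order above threshold"),
    ]
    reasons = [(pts, why) for hit, pts, why in checks if hit]
    return sum(pts for pts, _ in reasons), reasons

def decide(r: Request) -> str:
    """Map the score to allow / step_up (ask for a second factor) / deny."""
    score, _ = risk_score(r)
    if score >= DENY:
        return "deny"
    return "step_up" if score >= STEP_UP else "allow"

if __name__ == "__main__":
    # Constructed sample requests, not real traffic.
    for req in (Request("login"),
                Request("login", device_known=False),
                Request("change_address", order_submitted=True),
                Request("place_order", order_total=900.0, country="BR"),
                Request("login", device_known=False, ip_on_blocklist=True)):
        print(req.action, decide(req), risk_score(req)[1])
```

Returning the reasons alongside the score lets a security team review why a customer was challenged and tune the weights against abandonment and fraud data.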

For retailers, one size never fits all

Retailers need authentication that accommodates different users on different devices. But retailers’ generosity should never extend to the authentication vendors themselves. When sourcing authentication providers, retailers should demand solutions that can fit within their overall environment. That means looking for resources that maintain the look and feel of a retailer’s website and branding. If your authentication service can’t do that, or if they send your users bouncing between different pages to complete authentication, then start looking for another vendor.

Everyone needs multi-factor authentication

One gift that both retailers and their customers need is multi-factor authentication (MFA). By making MFA part of the user registration process, retailers can begin building trust early on and learn more about their customers, their habits and their preferred contact methods. Doing so also provides customers with a way to reset their passwords in case they become locked out.

Make your list and check it twice: by prioritizing authentication, eliminating passwords, deploying MFA and focusing on user experience, retail enterprise security leaders can ensure that hackers only get a lump of coal in their stockings.

KEYWORDS: cybercrime holiday season holiday shopping multi-factor authentication password security passwordless retail cyber security risk management

Jim Taylor is the Chief Product Officer of SecurID.
