Live from the Global Retail Insights 2011 report release #ACRS

I spent the first part of this morning in the audience of the Australian Centre for Retail Studies (ACRS) Global Retail Insights report. The event started with a presentation from Dr Sean Sands from the ACRS, who discussed cross-channel activity and how spending and customer behaviour are moving from traditional channels to newer media channels. He also highlighted the propensity for consumers to undertake online research before making a purchase, using online services such as websites and search engines, particularly through mobile, before heading out to a shopping mall. In terms of purchasing, the physical store still reigns supreme, with retailer and manufacturer websites ranked third and fourth.

He also talked about mobile and the way that it was changing the game once more, such as through enabling consumers to do on-the-spot price comparisons in-store. The number of consumers who access retail websites through their mobile phone has grown from 24 percent last year to 33 percent now. He also talked about social media, and the fact that 40 percent of people who “like” a Facebook page do so to seek discounts and promotions, but many do so to learn more, stay informed, and get access to entertainment and exclusive content. Dr Sands also discussed location-based services, specifically Facebook’s check-in facility that enables people to redeem coupoons through their mobile phone.

Looking forward, he said trditional retailers saw integration of online systems with existing business models as being the biggest challenge, particularly for franchise operators. While 45 percent of investment will be in advertising and promotion, 41 percent of investment will go into enabling online selling. He also highlighted the use of video, particularly at Marks & Spencer, that has created videos about both its products but also the stories behind them, and French Connection’s Youtique video site. And he showed the Lego augmented reality experience, which uses AR to show what a toy looks like once its assembled.

The second presentation was from Andrew Eckford from Google Australia, who talked about the recent move by many Australian retailers to get online in a serious way. The growth of shopping related search queries hit 35 percent last year, and is much higher in some categories. On mobile devices the number of shopping-related queries as a percentage of the total searches grew from 2.5 percent in January 2009 to around 17.5 percent by December, and 50 percent of Australians will have access to a smartphone by the end of 2011. Mobile devices can bring consumers closer to retail content and services when they need them.

ACRS’ Carla Ferraro discussed specific research around green consumers, while Salmat’s Sean McDonell discussed multichannel strategies, and the fact that things are only going to get faster. He also touched on how traditional retailers can balance their new investment in multichannel strategies against their existing investment in bricks-and-mortar retailing. He said the first step was to recognise that there was a change, and some retailers contended that they would reduce their retail space, or re-dedicate it to collection facilities or other ways of supporting their online activity. Once again however, the key theme was the rise of mobile and its importance as both a mechanism for building a connection to customers and driving transactions.

Notes from FST Media’s Future of Security conference

The third annual FST Media Future of Security in Banking and Financial Services conference took place this week in Sydney and Melbourne and featured a wide variety of speakers from across Australia’s financial services organisations.

The opening address was from ANZ Banking Group’s head of alliances and emerging payments, consumer cards and unsecured lending retail products, Greg Drumm, whose presentation covered the issues of securing financial transactions and information in a mobile environment. After running through a brief history of the mobile industry to set the context, he described a world where mobile devices have become a mainstream mobile financial services tool. The newness of mobile payments mean few risks have yet emerged, but Drumm said you can guarantee that they would, especially as fast and reliable identification methods are not yet available in the wider world. He also cautioned that identity fraud costs Australia $4 billion each year, while in the US it is apparently more lucrative than the drug trade. Voice verification shows promise as an authentication tool, but is still not a perfect solution in all situations. Drumm also called for a re-energizing of the partnership between the private sector and government to ensure that issues of security are handled in an effective manner.

The second session was presented by IBM and delivered by Paul Watters, a research director for the Internet Commerce Security Laboratory (ICSL). Watters led the audience through a thought experiment where he asked them to put themselves in the shoes of those on the ‘dark side’, to think about how criminals actually run their business. His presentation demonstrated how cybercrime organisations have many of the same attributes of legitimate businesses in terms of having budgets and targets. They will go after the richest targets but follow the path of least resistance, and many have developed specialisations. They also tend to keep business hours as well.

The third session was the Leaders Panel, where four industry specialists discussed trends relating to electronic security and fraud, under the leadership of Fortify founder and CTO Roger Thornton. Amongst the numerous discussion threads was the notion that cyber-criminals will tend to be opportunistic and will move to different markets and organisations as weaknesses are detected and remedied. They will always target the path of least resistance, but as the defences become more complex, so too do the complexity of the attacks. Threats are also evolving quickly, leading financial services companies to have to increase their research and intelligence work to better anticipate what is coming. But even relatively unsophisticated attacks can get past complex security systems in the right circumstances. While fraudsters are getting cleverer, the panel agreed that to date the good guys are one step ahead, and may have even increased the gap slightly in the past year.

After the morning tea break Suncorp’s executive manager for group financial crimes, Marty Latimer, talked through the details of how Suncorp deals with online fraud. Latimer said that in almost every case the fraud involves a new IP address and a larger than normal amount transferred into a new account. But recent attempts are becoming more complex. He said his team was constantly battling ‘speed’ in responding to new threats, while man-in-the-middle attacks are emerging that get around two-factor authentication, and social media is also becoming a more prevalent attack vector. The big question is whether fraud detection systems can keep up, as he pointed out that the next generation of users live their entire life online. He said the key was in developing fluid analytics that could model on-the-fly to intervene only in high-risk transactions, with real time intelligence sharing to detect more complex fraud indicators such as authentication bypasses.

The final presentation was from Zlatko Hristov, regional head of IT security at MF Global. He opened with the statistic that 65 percent of web surfers had fallen victim to cybercrime, and then took the audience through a possible scenario involving a business user being infected while on a public WiFi network, demonstrating how the malware package could perform functions from key-logging bank details to acting as a router when it connects to a business network and alerting a command and control host to create a breach through which an attack could be launched. He also took the audience through a live hacking demonstration, where a computer was exploited and a malicious payload uploaded. What was most surprising was how easy he made it appear. “User awareness is the most powerful weapon, but it is the most difficult to implement,” Hristov said.