The Weak Link in the Omnicommerce Security Value-Chain

A far cry from the first ARPANET e-commerce transaction is omnichannel digital commerce or omnicommerce. As e-commerce matures, mobile devices become the second brain in our hands, and connectivity steadily improves, retailers and service providers are leveraging every asset available to them to improve engagement with customers and drive repeat sales.

It is now typical for a retailer to leverage their physical world presence for providing customers with the comforting touch and feel of their products, their websites for browsing, comparing product specifications and competitor pricing, and their mobile apps for reaching out and enticing customers based on time, location and context. Collectively, all these channels or the omnichannel approach, supported by consumer profiling and behavioral data analytics, is helping providers auto-populate consumer shopping carts, close out a long contemplated acquisition by enticing the consumer with favorable financing, or force an impulse buy through a too-good-to-be-passed promotion just as the consumer walks by the store.

Along with the physical world and the virtual world, there is now a third front – namely media – that is poised to start driving transactions. Increasingly all media, user-generated or curated, will become launch pads and conduits for transactions. While this is clearly a categorization under the virtual channel, its growing importance as a channel and depth of engagement warrants special treatment.

As the front-end of the commerce equation evolves between the consumer and providers, the back-end payment and settlement network continues to evolve more or less in lockstep. First came the ability to process existing credit, debit and gift or prepaid cards online, followed by virtualization of the payment products themselves. The supporting networks continued to evolve, ensuring that they could handle transactions initiated in the real as well as the virtual world, and more importantly ensure that certain aspects of these transactions could leverage economies of scale while others continued to treat them differently, insulating them from systemic abuse and misuse.

Encryption of payment credentials has steadily improved over the years, not only in terms of entropy but also in terms of the overarching security business model. Security from a technology perspective is a function of time and computing power, essentially indicating that by increasing time or computing power any level of encryption can be compromised.

As the science of encryption and cryptography continues to advance, the more pragmatic approach is to combine the best possible security technology with a business model that ensures all the players in the value-chain are equally incentivized to repel fraud. It is obvious that the weakest link introduces the most vulnerability into the overall system, and it is safe to assume that the weakest link is the one that is not appropriately compensated for ensuring that the highest level of security technology and processes are in place. Effectively the weakest link in the omnicommerce security value chain is not a technology component, but the underlying business model.

While there is always more work to be done on both fronts, technology and business, it is safe to say that the ecosystem has been sensitized. There is genuine hope that with more collaboration – at the consumer, the enterprise, and the government level – the overall ecosystem will be in a lot better position to thwart abuses by negative players. That said, beyond security, privacy continues to be challenged.

Check out Mehul Desai’s August of Money.