Quick Stats

Quick Stats

    You are here

    Embrace Big Data, But With Caution

    As retailers increase use of analytics, there's more info to be compromised.

    By Brad Cyprus, VendorSafe

    Every day, business owners are being bombarded with software, systems and processes that make grandiose promises around using "big data" or "analytics," but what does this technology really mean to the average convenience store operator? Furthermore, what impact does it have on relationships with customers in the future, and how does a business responsibly manage customer privacy concerns and the need to keep this data secure — all with the desire to learn more about its customers?

    First, let’s simplify what big data and analytics really mean. Over the past 20 years, virtually every business system has become digitized, silently collecting data. In most cases, this data was of little business use, simply adding to a database used only by technical staff to diagnose system problems. As more systems became digitally connected, these databases grew and became known as big data. Size did not immediately mean value, however. That happened after people learned how to analyze the data and realized the true worth of this information.

    Big data can come from an almost endless number of sources, but it typically includes log data from computer systems, network switches, routers, firewalls, software packages, infrastructure equipment and, most critically, wireless access points. Twenty years ago, few pieces of equipment were capable of generating information about their activity. Today, everything includes a computer chip and an increasing number of devices are connecting to the Internet.

    This means modern equipment often sends data back to operators to help make businesses more efficient. In a gas station alone, think about all of the controller systems capable of reporting their statuses, including pump controllers, smart thermostats, entry alarm systems and even soda fountains with diagnostics. 

    On top of that, point-of-sale systems are reporting on their activities and their underlying computer systems log every event. Meanwhile, networks and Wi-Fi equipment track everything that happens in and around the network, such as packet flow, transactions from a site controller or noteworthy security events.

    Until recently, the sheer volume of information made it impossible to sort through the electronic noise.

    Enter analytics — the science (or art) of pulling usable information from a big data set. Now that actionable intelligence can be derived from sets, the future of business planning and market research is focused on the implementation of a big-data gathering system and the analytics needed to make it useful. Ignoring the millions of useless data points and picking out the critical ones is the goal of every analytic system. Organizations that use the data flowing into their environments have a tremendous advantage vs. their less-informed peers.

    Using a simple loyalty program as an example, we can see the difference this approach can make. Creating these programs can be simple, but it’s more valuable if a merchant can determine how many repeat customers participate in the offering. Without big data and analytics, it is hard to identify repeat customers who never signed up for the program. However, using data obtained from advanced Wi-Fi access points, businesses can track when a unique cell phone is in range of checkout areas. Thus, they can determine the size of their repeat customer base. Compare that to the number of loyalty purchases and the value of the program can be quantified.

    However, it is easy to see from this example how data seemingly collected for a valid business purpose can quickly become a privacy concern. The collection and use of cell phone data to track customers is happening today in stores throughout the country. Many are not aware of how easy it is to track cell phones using Wi-Fi networks. When smartphones are configured to automatically search for available networks, they send phone-specific information to all wireless access points in the area. Businesses quickly see the value of utilizing that data to analyze customer traffic, but consumers shudder at the potential invasion of their privacy.

    Fortunately, from a security and identity theft standpoint, the data presented by smartphones as part of their wireless signals cannot be easily tied back to the owners. The only direct link is the phone’s hardware address, or MAC address. However, if the usage of big data has proven anything, it is that clever queries can be created to tie seemingly unrelated data together.

    Imagine if a customer uses his or her credit card while shopping at a store utilizing advanced Wi-Fi, and that business ties the phone’s MAC address to a specific transaction. That business can now associate a particular phone with its owner, while potentially failing to ask for permission. It is clear why this scenario causes some consumers to worry.

    The responsibility of how this data is used and protected falls upon the merchants who are gathering it, and the vendors providing the tools to store and collect this information. It is safe to say that anyone who embraces big data and analytics must consider the data gathered to be critically sensitive and protected to the same degree as any other personally identifiable information. This is true even if, at first glance, the data seems innocuous.

    New data breaches are reported every week as email addresses, passwords, and personal and financial information are stolen. The introduction of big data and analytics means there is even more information out there to be compromised. The proliferation of these business tools will make operators smarter and better able to serve their customers, but it also means they must look at their network security with an eye toward the type of information held in the depths of their systems.

    Editor’s note: The opinions expressed in this column are the author's and do not necessarily reflect the views of Convenience Store News

    By Brad Cyprus, VendorSafe
    • About Brad Cyprus Brad Cyprus has 25-plus years of experience in the security industry. Currently, he manages the market development of in-house solutions to validate compliance and payment card industry standards for VendorSafe. Additionally, he serves as chairman of the PCI/Data Security Committee for the Retail Solutions Providers Association (RSPA) and is a key contributor to RSPA's PCIWise course.

    Related Content

    Related Content