IoT Security for Retail: Securing the Connected Store

We examine how IoT devices can transform the in-store retail experience and the crucial role embedded security plays in architecting this new reality. We look at the importance of building in best-practice security and how to build trust in connected devices.

It is estimated that there are around 50,000 fewer retail stores than there were 10 years ago. With consumers embracing the speed, convenience, and cheaper prices of online shopping, it is expected to be the dominant retail channel by 2028. The coronavirus pandemic has only accelerated this migration, moving people out of stores and directing them online as the shopping channel of choice and necessity. These changes are unlikely to be short-term: a report by Alvarez & Marsal estimates that 17.2 million British consumers intend to make permanent changes to the way they shop because of the pandemic. As well as managing these short-term challenges, retailers need to consider the long-term changes: How can they reinvent the in-store shopping experience for a post-pandemic world? What new functionality can they offer customers to entice them back into their stores? More importantly, how can we ensure this new experience is secure?

In this blog we explore how digital transformation, and the Internet of Things (IoT), can revolutionize the in-store shopping experience, unlocking new possibilities of personalization and automation. We also examine the importance of building security into every device involved in this new experience and how certification schemes, like PSA Certified, can help build consumer trust.

Retailers Need to Embrace the Omni-channel Experience

To revolutionize the offline shopping experience, retailers need to redesign the in-store shopping journey and take a multi-channel approach that delivers an omni-channel experience. An omni-channel experience is a customer-focused approach to retail in which all the channels work together to provide a fully personalized experience, both online and offline. For example, a customer might buy in-store a product they viewed online, using a discount code from the retailer's app. IoT devices will be instrumental in building these connected shopping journeys and will unlock many key advantages, including personalized marketing campaigns to aid sales, a wealth of in-store support for upselling, more cost-efficient logistics and smarter stock management:

The connected store: Scan-as-you-go equipment and smart shelves can fast-track shopping, whilst beacons and sensors gather a host of data on customer behavior. This includes tracking which items customers selected, which items they discarded and how buyers move through stores or shopping malls. This data unlocks new possibilities of personalization that maximize conversion rates and attract valuable and loyal customers.

The connected warehouse provides a smarter way of controlling stock for stores.

The connected warehouse: AI-based automation provides a smarter way of controlling stock for stores as mechanical arms can select and sort products faster and more accurately than humans. New software can also help predict trends and calculate daily stock movements.

The connected supply chain ensures the smooth and efficient movement of goods.

The connected supply chain: From authenticating the location of goods at any time and tracking the speed of movement to monitoring storage conditions, IoT devices help move goods smoothly through the supply chain. Having real-time visibility of goods drives informed decision making, cutting costs and resulting in a more agile business.

However, we can only take advantage of these new possibilities if the connected devices employed are secure. This goes for every device in your network, not just those providing the efficiencies. For example, if a connected light in your shop is not secure, then you are leaving it open as a way into your network and putting every connected device in your retail space at risk. This includes your payment machines that run on the same network: every connected device poses a risk. With many online brands already starting to open their own connected stores, traditional retailers need to act fast, but not without first ensuring the devices they are employing are secure.

Trusted Data is Key

The connected store and supply chain will employ a huge number of devices and will rely heavily on the use of location and personal data, including demographics, purchasing habits and in some cases financial details. Due to the sheer number of devices, the data they provide will need to be managed and analyzed to provide real value. This is where AI plays its role, consuming and interpreting the data and transforming it into a valuable business service that will transform industries. Trusted data is the key link between connected devices and valuable digital transformation. For data to be trusted, it needs to come from trusted devices. These devices should be collecting data responsibly and managing it cryptographically in a way that cannot be affected by hackers or adversaries.

Underpinning all this is the need for security: a chain of trust is needed to secure each element of mass digital transformation and smoothly bring them together. Anchoring this is the Root of Trust (RoT), a secure source that allows a device to complete sensitive functions securely, such as keeping private keys confidential and performing cryptographic operations. Although the technical makeup of connected devices might be very different, they must all have a foundation of security. A RoT fortifies security at the heart of an IoT device by building it into the silicon. This provides the baseline of security that is needed to anchor all these services together and unlock the potential of mass digital transformation across all industries, including retail.
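To make "trusted data from trusted devices" concrete, the following added example (not code from PSA Certified or from this article) has a device tag each reading with a key that never leaves its RoT, while the backend accepts only enrolled, unmodified and non-replayed messages. The class names, the `shelf-07` device and the message layout are hypothetical, and HMAC with a key shared at provisioning stands in for the asymmetric keys a production design would normally use.

```python
import hashlib
import hmac
import json


def _canonical(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class RootOfTrust:
    """Stand-in for a silicon RoT: the key goes in once and is never exported."""
    def __init__(self, device_key: bytes):
        self.__key = device_key  # assumption: held in hardware on a real device
        self.__counter = 0       # monotonic counter kept alongside the key

    def sign_reading(self, device_id: str, reading: dict) -> dict:
        self.__counter += 1
        body = {"device": device_id, "seq": self.__counter, "reading": reading}
        tag = hmac.new(self.__key, _canonical(body), hashlib.sha256).hexdigest()
        return {**body, "tag": tag}


class Backend:
    """Accepts data only from enrolled devices, unmodified and not replayed."""
    def __init__(self, enrolled: dict):
        self.enrolled = enrolled  # device id -> key shared at provisioning
        self.last_seq = {}        # device id -> highest sequence accepted

    def accept(self, msg: dict) -> str:
        if not all(k in msg for k in ("device", "seq", "reading", "tag")):
            return "rejected: malformed"
        body = {k: msg[k] for k in ("device", "seq", "reading")}
        key = self.enrolled.get(body["device"])
        if key is None:
            return "rejected: unknown device"
        expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), str(msg["tag"]).encode()):
            return "rejected: bad tag"
        if body["seq"] <= self.last_seq.get(body["device"], 0):
            return "rejected: replay"
        self.last_seq[body["device"]] = body["seq"]
        return "accepted"


def demo() -> list:
    key = b"k" * 32  # constructed key and reading, for illustration only
    rot, backend = RootOfTrust(key), Backend({"shelf-07": key})
    msg = rot.sign_reading("shelf-07", {"sku": "SAMPLE-001", "on_shelf": 4})
    return [backend.accept(msg), backend.accept(msg)]
```

Both sides compute the tag over the same sorted-key JSON encoding, so any change to the device id, sequence number or reading in transit invalidates it.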

Consumers are Looking to Governments for Regulations

Consumers increasingly understand the issues surrounding privacy and security and are starting to expect a high level of security in all devices, even the ones they do not directly use. 88% of consumers surveyed by Consumers International and The Internet Society agreed that security standards should be assured by regulators. Governments are responding to these expectations and introducing new laws, regulations, and baseline requirements that ensure digital transformation does not come at the expense of customers. Earlier this year the UK Government's Department of Culture, Media and Sport (DCMS) announced their intention to bring in new legislation on the security of connected devices, following similar moves by the United States and Europe, which in 2020 released the NISTIR 8259A and the ETSI EN 303 645 standards, respectively.

The Benefits of Security Certification

There are many benefits of security certification, especially within the IoT industry, where there is increasing demand for a universal baseline. The PSA Certified 2021 Security Report, Bridging the Gap, surveyed key tech decision makers from around the world and found that 84% believe security certifications can be of value to them. Primarily, certification demonstrates your commitment to implementing best-practice security and provides independent third-party evaluation that the security features built into a product are robust enough. This benefits device manufacturers in two ways. Firstly, it allows them to make informed purchasing decisions when choosing different components, ensuring they have the right level of security needed for their end device. Secondly, certifying their own products allows them to position themselves as more reliable than their competitors, building trust with customers, strengthening their brand and enhancing their reputation.

The PSA Certified 2021 Security Report found an overwhelming desire for an industry-led set of IoT security guidelines.

How Can PSA Certified Help?

PSA Certified offers a comprehensive framework for securing devices, from methodology and analysis through to independent security assessment and certification. Underpinned by the 10 security goals, the scheme breaks down IoT security design and implementation into a simple four-step process. PSA Certified Level 1 also maps to major worldwide regulations including ETSI EN 303 645, NISTIR 8259A and Californian State Law SB-327, facilitating the global applicability of your products and showcasing alignment to security best practice. The PSA Certified founders continually assess emerging regulations and standards as they develop to ensure alignment.