With the biggest shopping events of the season, retailers face tremendous amounts of both risk and reward as sales and door-busters draw in eager consumers all week. In 2013, Thanksgiving deals brought in 92.1 million shoppers to spend over $50 billion in a single weekend, the National Retail Federation reports.
The National Retail Federation issued crowd management guidelines for retailers and mall management officials to use when planning special events, including Black Friday, product launches, celebrity appearances and promotional sales. General considerations to plan for and curtail any crowd control issues include:
- Remind and retrain all employees about your store’s emergency protocols to address potential risks facing employees and customers.
- Dedicate knowledgeable employees to communicate and manage crowds, from arrival to departure, and resolve any potential conflicts that may arise.
- Strategically place sale items throughout the store to help disperse crowds and manage traffic flow.
- Request the assistance of local law enforcement if large crowds are expected and arrange for additional security services.
- Educate employees about relevant policies and procedures and advise them who to contact in the event of a situation.
Last week, the U.S. Department of Labor’s Occupational Safety and Health Administration also issued a public letter to retailers urging companies to plan ahead for better in-store safety for both employees and customers. According to OSHA’s “Crowd Management Safety Guidelines for Retailers,” crowd management plans should, at least, include:
- On-site trained security personnel or police officers
- Barricades or rope lines for pedestrians that do not start right in front of the store’s entrance
- The implementation of crowd control measures well in advance of customers arriving at the store
- Emergency procedures in place to address potential dangers
- Methods for explaining approach and entrance procedures to the arriving public
- Not allowing additional customers to enter the store when it reaches its maximum occupancy level
- Not blocking or locking exit doors
Brick-and-mortar retailers are not the only ones at greater risk. Companies that operate call centers must also be prepared for a drastic increase in customer inquiries and purchases. According to communications intelligence firm Cognia, 69% of U.S. contact centers carry out credit card payments over the phone and 84% record calls, making their archives particularly vulnerable to potential breaches.
“The first thing to highlight with respect to call center compliance at peak times is that this pressure is unlikely to create new issues, but will amplify existing ones. Attackers / threat actors (the bad guys) will also be aware that this is the time at which procedures are most likely to slip, and social engineering vulnerabilities that have previously been identified can be exploited,” said Tom Evans, Cognia’s chief security officer.
“There are challenges but, from a risk perspective, there is also an opportunity to fine-tune the risk management system under pressure. At these peak times, issues will be visible that would go undetected during business as usual operation,” Evans noted. “There is an opportunity to be proactive and to use the pressure around these peak sales times to identify bad practice that, during less pressured periods, is probably limited to one or two individuals or occasional occurrences, and therefore very hard to spot. Even the most dependable employee under the pressure on big queues may resort to a shortcut to get the job done. Identifying these means that controls can be put in place to prevent them being used again, and therefore the overall risk management position improved.”
To improve security and PCI compliance, Evans recommends that companies focus on areas that have lower security controls overall. For example, seasonal employees, over-spill call centers, and work at home agents may all be components of a contingency plan for peak periods that introduce vulnerability that can be mitigated.