Addressing Cyber Risks in Mexico's Unified Commerce Transition

As unified commerce continues to expand across Mexico, businesses are facing increasing challenges in securing data and digital infrastructures. The integration of traditional retail systems with emerging digital platforms has resulted in more complex, interconnected environments, which in turn have expanded the attack surface and introduced new vulnerabilities.

“The attack surfaces are becoming broader, more complex, and more dynamic. Companies must not only modernize their value propositions but also align their cybersecurity budgets with the evolving market needs,” said Ricardo Shuck, Vice President of Cybersecurity, TEC360 Cloud, speaking at the Mexico Business Forum 2025.

In this rapidly evolving digital landscape, organizations are under pressure to implement security strategies that prioritize protection from the very design phase. The shift toward unified commerce requires businesses to move beyond perimeter security models, adopting a comprehensive approach that ensures every interaction within the system is protected. However, many companies still lack the tools necessary to safeguard their data and systems from increasingly sophisticated cyberattacks.

“One of the main challenges is the unification of customer identities across multiple channels. Each channel interacts with customers in different ways, so it is crucial for organizations to understand this complexity to address it effectively,” explained Gerardo Quintanilla, CISO, El Palacio de Hierro.

Experts stress the importance of proactively adopting security solutions that are embedded from the design phase, with AI and machine learning playing a key role in these updated strategies. By analyzing behavioral patterns and detecting anomalies in real-time, these technologies enable faster responses to potential threats. However, integrating legacy systems with newer platforms remains a complex task, requiring significant technical coordination and continuous training for personnel.

“Every operational change comes with updates to infrastructure, protocol revisions, and process realignments. For us, moving from traditional, person-to-person models to digital platforms meant rethinking our entire approach to cybersecurity,” explained Camila Ponton, Director of Information Technology, Natura.

To improve system resilience, companies are adopting a security-by-design approach and emphasizing collaboration between cybersecurity and IT teams during development. Several organizations have implemented Zero Trust models, risk analysis frameworks, and advanced authentication measures, including biometrics.

“We introduced biometric onboarding to improve user security. Initially, it caused some friction, but over time, users came to appreciate the added protection. These solutions are essential, particularly when third-party involvement is required. It is crucial to verify their standards and ensure proper handling of sensitive data,” Ponton added.

The integration of legacy and modern systems also presents additional organizational challenges, particularly in terms of company culture. Resistance to change and gaps in cybersecurity knowledge across departments can delay implementation and reduce effectiveness.

“Not all tools are suitable for every scenario. It is vital to understand each department’s unique needs and select technologies accordingly. In many cases, collaborating with specialists ensures that investments are made in the right areas,” said Quintanilla.

For organizations aiming to balance innovation with security, the primary objective remains clear: protect data integrity without compromising the user experience. Security considerations must be integrated into every stage of innovation to ensure business continuity.

Quintanilla emphasized that companies cannot innovate successfully without a solid governance framework. “As organizations adopt AI, they must ensure their growth is ethical and sustainable. This involves balancing business goals with cybersecurity responsibilities”.

As unified commerce continues to grow, ensuring regulatory compliance has become a top priority. Companies must stay aligned with both local and international data privacy regulations to protect customer trust and avoid legal issues. 

Reputation is equally important. Experts stress that organizations must maintain integrity and handle personal data responsibly, ensuring compliance with relevant regulations and performing consistent internal audits.

“At our company, we focus on secure transactions and collaborate with domain experts. Every decision we make is driven by a commitment to customer satisfaction and safe operations,” Quintanilla shared.

“Internal audits and strong data governance are essential. In addition, companies must foster awareness of emerging threats and continuously refine their response strategies,” Ponton added.

Looking ahead, further automation and predictive analytics will define the next phase of cybersecurity for unified commerce. AI-powered platforms will be able to detect and mitigate risks in real-time, allowing businesses to move from reactive to proactive security strategies.

“The future will require collaboration between businesses and regulators to establish adaptable cybersecurity standards. As digital transformation accelerates, consumer expectations for security will continue to rise,” concluded Quintanilla.

The effective implementation of Zero Trust models is also seen as fundamental. By securing every interaction point, limiting data exposure, and controlling access in real-time, retailers can better manage risk.

“Tokenization, encryption, and just-in-time data access are essential to protect customer information. Every touchpoint matters—especially in retail, where identities are distributed across various systems,” Ponton remarked.

However, the digital shift also introduces new risks, especially as AI technologies become more prevalent. Companies must create robust frameworks to ensure that the security tools designed to protect data do not become vulnerabilities themselves. Given that AI can be used both constructively and maliciously, the main challenge will be identifying and mitigating threats while still leveraging the benefits of new technologies.

In the long run, cybersecurity in unified commerce is expected to evolve through greater automation, with platforms able to detect and address risks in real-time through deeper integration of AI and predictive analytics.