By NHI Mgmt Group Editorial TeamPublished 2025-08-14Domain: General NHISource: Comarch

TL;DR: Retailers with legacy loyalty platforms face operational drag, churn risk, and missed high-margin revenue because slow change cycles block real-time offers and personalisation, according to Comarch. The deeper lesson is that partial modernisation creates innovation debt, which delays foundational change and widens the gap between customer expectations and delivery capacity.


At a glance

What this is: This is an analysis of how legacy loyalty technology creates hidden business costs, with agility, churn, and missed revenue emerging as the core failure modes.

Why it matters: It matters to identity and access practitioners because the same governance patterns that make platforms rigid and fragmented also weaken lifecycle control, entitlement change, and operational responsiveness across NHI, autonomous, and human programmes.

By the numbers:

👉 Read Comarch's analysis of the real cost of inaction in retail loyalty


Context

Retail loyalty programmes fail when the underlying platform cannot support fast, targeted change. In practice, that creates an agility gap between what the business wants to launch and what the technology can actually deliver, which in turn drives operational drag, weaker engagement, and slower monetisation of first-party data.

For identity and access teams, the lesson is not about retail mechanics alone. It is about how brittle technology stacks often correlate with brittle governance, where lifecycle change, segmentation, and privilege adjustment are all slowed by manual handoffs and legacy control models.


Key questions

Q: How should teams reduce operational drag in legacy loyalty platforms?

A: Start by separating business configuration from code-dependent release paths, then measure how many routine changes still need IT tickets, testing, or deployment windows. The goal is to make common offer changes self-service where policy allows, while keeping genuine control gates around high-risk data and entitlement changes. That reduces delay without weakening governance.

Q: When does partial modernisation create more risk than value?

A: Partial modernisation becomes risky when a new module cannot work with live identity, customer, or transaction data. In that case, the system may look updated but still makes generic decisions and adds another layer of operational complexity. Organisations should treat that pattern as innovation debt, because it delays the real fix while increasing future remediation cost.

Q: How can organisations tell whether a loyalty platform is actually agile?

A: Look at the time from decision to live deployment, the number of manual handoffs, and whether teams can act on current data without engineering intervention. A genuinely agile platform shortens the path from idea to execution and preserves governance over exceptions, not routine change. If everything still depends on a ticket, the platform is not agile.

Q: What should identity teams learn from retail loyalty modernisation?

A: Identity teams should learn that platform rigidity often becomes governance rigidity. If access changes, lifecycle updates, or policy decisions require repeated manual coordination, the programme will struggle to respond at business speed. The practical lesson is to design for operational responsiveness, because slow control execution eventually becomes a business risk.


Technical breakdown

Operational drag in legacy loyalty platforms

Operational drag appears when every meaningful change requires ticketing, coding, testing, and release coordination instead of direct business configuration. In loyalty environments, that means marketing teams cannot respond to customer behaviour or commercial opportunities at the speed the market expects. The technical issue is not just poor UX. It is a control plane that centralises change so tightly that simple campaign updates become software delivery projects. That structure reduces agility, increases dependency on scarce engineering capacity, and turns routine programme operations into bottlenecks.

Practical implication: separate business configuration from core code paths so campaign changes do not depend on full IT release cycles.

Innovation debt from bolt-on modules

Innovation debt is the accumulation of failure caused by partial modernisation. A standalone module may add one visible feature, but if it cannot consume real-time customer and transaction data, the feature remains generic and underperforms. Architecturally, this is a context problem. The module lacks the identity, behaviour, and event signals needed to make relevant decisions at runtime. Organisations then misread the weak result as a product failure, when the real issue is integration failure and incomplete data access.

Practical implication: evaluate whether new modules can act on live data and shared identity context before approving partial upgrades.

Real-time personalisation and retail media networks

Retail media and personalised offers depend on immediate access to customer signals, purchase history, and segmentation logic. If the platform cannot resolve those data points in real time, it cannot support high-margin campaigns or responsive customer treatment. This is a governance and architecture problem as much as a commercial one, because delayed data access prevents policy decisions from being applied at the moment of interaction. The result is predictable: lower engagement, weaker monetisation, and a growing gap between competitors who can operationalise data and those who cannot.

Practical implication: align identity, customer data, and offer orchestration around real-time access paths instead of batch-oriented reporting flows.


Threat narrative

Attacker objective: The practical objective is not cyber compromise but commercial paralysis, where a rigid platform prevents the business from acting fast enough to retain customers and monetise data.

  1. Entry occurs through a business need for faster loyalty offers, which exposes the mismatch between market demand and legacy platform capability.
  2. Escalation happens when teams are forced into manual workarounds, ticket queues, and bolt-on modules that cannot access live customer context.
  3. Impact is delayed launches, weaker engagement, lost revenue opportunities, and innovation debt that makes future modernisation harder.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Legacy loyalty platforms create governance drag before they create commercial drag. The article shows that slow offer launch cycles are not just an IT inconvenience. They are a structural limitation that forces the business to plan around the platform instead of governing the platform around the business. That same pattern appears in identity programmes when lifecycle changes, access updates, and policy decisions are trapped inside manual release workflows. Practitioners should treat platform speed as a governance issue, not a marketing preference.

Innovation debt is the right name for partial modernisation that cannot see live identity context. A bolt-on module that cannot consume current customer and transaction data does not solve the underlying control problem. It creates a second, weaker decision layer that looks modern but behaves generically. The implication for IAM and NHI teams is clear: incomplete integration preserves the old control model while adding new complexity, which makes future remediation slower and harder.

Real-time personalisation is increasingly an identity problem, not just a customer-experience problem. Retail media, instant offers, and targeted engagement depend on trustworthy, current identity and event data. When identity context is stale, the system cannot decide who should see what, when, or why. That means the commercial value of the programme now depends on how well identity and data governance are synchronised. Practitioners should expect more pressure to prove that identity data is operationally usable, not just archived.

Cross-functional rigidity is now a strategic risk for every identity programme. When business teams need ticket-based change for routine actions, the underlying platform is already constraining governance outcomes. In IAM terms, that same rigidity shows up as delayed offboarding, slow entitlement changes, and fragmented ownership across teams. The broader lesson is that control frameworks fail when the operating model cannot move at the speed of the decision it is meant to govern. Practitioners should re-evaluate where manual dependency has become the real control boundary.

From our research:

  • The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
  • 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases.
  • For a related breach lens, DeepSeek breach shows how exposed secrets and sensitive records can create large-scale governance exposure across development and operations.

What this signals

Innovation debt: when organisations keep adding modules without connecting them to live data and decision context, they extend the life of the old control model instead of replacing it. That matters for identity programmes because delayed access change, delayed offboarding, and delayed policy enforcement all have the same economic effect as delayed loyalty launches: they widen the gap between governance intent and operational reality.

The pressure point is moving from static administration to real-time decisioning, which is why identity leaders should watch for rising demand to prove that controls are operationally usable, not merely documented. The NIST Cybersecurity Framework 2.0 is a useful reference point for aligning governance, protection, and recovery around business speed.

As customer-facing systems become more dynamic, the boundary between platform agility and identity governance gets thinner. That means IAM, IGA, PAM, and NHI teams should expect more scrutiny on how quickly entitlements, data access, and policy exceptions can be changed without creating new operational debt.


For practitioners

  • Map the business-to-technology delay chain Trace how long it takes for a loyalty or entitlement change to move from request to production, then identify where ticketing, testing, or approvals add unnecessary delay. Use that map to separate true control gates from legacy process friction.
  • Audit partial modernisation for missing runtime context Check whether bolt-on modules can access real-time customer, identity, and transaction data before they are approved as a replacement for core capability. If they cannot, treat the project as an integration risk, not a feature upgrade.
  • Define which decisions must be real time Classify offer selection, segmentation, and entitlement changes by the point at which delay becomes commercially harmful. Then align platform and governance design so those decisions are supported by live data rather than batch feeds.
  • Challenge innovation debt before approving new spend Require teams to explain how a proposed enhancement avoids creating a second control layer with no shared context. If the answer depends on manual reconciliation or duplicate data stores, the programme is likely creating innovation debt.

Key takeaways

  • Legacy loyalty technology creates hidden costs because every change is mediated by slow, manual control paths.
  • Partial modernisation often adds innovation debt rather than agility when new modules cannot act on live data.
  • Identity and access teams should treat operational speed as part of governance, because delayed control execution becomes business risk.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0, NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
NIST CSF 2.0GV.OC-01Operational drag shows up when governance cannot support business change at speed.
NIST CSF 2.0PR.AC-4Real-time personalisation depends on controlled, timely access to current identity and data.
NIST Zero Trust (SP 800-207)AC-4The article's core problem is slow, rigid enforcement of access and decision paths.

Design policy enforcement so legitimate business changes can occur without reengineering the control plane.


Key terms

  • Innovation debt: Innovation debt is the accumulated cost of fixing a legacy platform with partial, disconnected changes. The business gets a visible feature but keeps the old operating model underneath, so the programme inherits extra complexity, weaker context, and slower future change.
  • Operational drag: Operational drag is the delay and effort created when routine business changes require manual coordination, tickets, or engineering intervention. In identity and access programmes, it shows up when governance processes cannot keep pace with the decisions they are meant to support.
  • Real-time personalisation: Real-time personalisation is the ability to tailor an offer, message, or access decision using current data at the moment of interaction. It depends on live identity, behaviour, and event context being available to the system, not just stored in batch reports.

What's in the full article

Comarch's full blog post covers the operational detail this post intentionally leaves for the source:

  • The four hidden loyalty cost categories broken down into practical business impact terms.
  • Retail examples from Tesco and SuperValu showing how different modernisation choices changed programme value.
  • The article's simple framework for calculating the real cost of inaction using commercial and operational inputs.
  • The original quotes and narrative detail from Comarch's loyalty specialists, which add implementation context.

👉 Comarch's full post covers the retail examples, cost framework, and loyalty modernisation detail.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-08-14.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org