Retail Data Security: Why There Are So Many Challenges
If you just went by the headlines, you might think retailers were the only ones getting pummeled by cyber thieves.
Granted, retail data breaches may get the most media attention because store names are so recognisable.
Also, a Verizon report showed that in 2014, retail accounted for 1 in 13 data breach incidents (financial services accounted for about 1 in 7).
At the same time, when you look more closely at the numbers, there’s a lot to be worried about. Retail organisations detected 154% more incidents in 2015 compared to the year before, according to the Global State of Information Security Survey. While the average cost of a data breach stayed relatively constant for most industries, the cost of a retail data breach increased from £68 per record in 2014 to £78 in 2015, according to the 2015 Cost of Data Breach Study: United Kingdom.
What are some of the retail data security challenges faced by businesses today?
Keeping Customers Happy: Retailers need solutions that protect sensitive data but don’t slow down transactions. While two-factor authentication is more secure, for example, some customers may balk at having to take numerous steps to complete their transaction.
Credit and Debit Cards: Information thieves love credit and debit card transactions because of all the personal information attached to the cards. Most retailers now utilise chip-and-PIN card readers, which make it more difficult to create counterfeit cards. However, some retailers still offer the option to provide a signature instead of entering a PIN, leaving them vulnerable to fraudsters.
Online Business: Chip technology can’t prevent online fraud. According to a Wired.com story, in the UK, where we have had chip-and-PIN cards since 2003, we have experienced a huge increase in ‘card-not-present’ transaction fraud – from 30% to 69% of total card fraud between 2004 and 2014. A 2015 LexisNexis study found that revenue lost to retail fraud in 2015 was nearly double the previous year’s amount because of online and mobile fraud.
Third Parties: Third-party suppliers can be a bridge to an organisation’s confidential information. The Shred-it 2015 Security Tracker showed that 51% of small businesses don’t perform security checks when procuring a third-party supplier. Experts now prioritise assessing the security of retail companies’ third-party business partners.
Insiders: A recent US report identified employees as a huge security risk. Permanent and temporary workers used shared credentials, according to the report, and many respondents couldn’t identify the systems that temporary employees accessed. There’s a cyber risk when employees use a point-of-sale system as a personal computer, visit websites they shouldn’t, and send out confidential data. Stockpiling old computers also puts confidential information at risk. The solution: educate employees on best practices for protecting data.
Identity theft is a very real risk that accompanies retail breaches.