Report • 23.05.2016

Hackers in search of data treasures

IT security needs to become a top priority for the retail industry

Retail networks include a variety of areas and devices.
Source: Bildagentur PantherMedia / everythingposs

Holding up a supermarket or a gas station can pay off for criminals. Retailers are a worthwhile target, especially at night when the day’s takings are still at the store. But the potential yield for cyber criminals is far greater. While retailers for decades had plenty of time to prevent shoplifting in their stores, IT security has not been a real issue in the industry sector for quite some time.

This still applies to most retailers today: stores are extensively equipped with video surveillance and electronic tags, but when it comes to “data security”, retailers just shake their heads. In the EHI study “IT Trends in Retail 2015”, only nine percent of participating retailers mentioned the subject of IT security when asked about the latest technology trends.

Even though at least 26 percent of interviewed companies have a designated department to handle IT security management, it is still often possible for somewhat experienced hackers to steal credit card and customer information by the thousands or millions without any major effort and make large profits by selling it. They use various methods such as viruses, spyware or phishing (a method to acquire personal information of a user by setting up fake websites or emails) to gain access to the retailer’s network and steal sensitive data.

Major retail chains are primary targets 

By nature, the networks of major retailers are especially complex and include various components such as internal network management, geographical markets, stores, POS systems, sales assistants, suppliers, customers and mobile devices. The larger the retailer, the more customers it has. The data trove criminals can break into is consequently also huge for multinational corporations. Last year, the Dell computer company published a list of the most serious attacks to date on major retail chains (though only those cases affecting the U.S.).

A quarter of retailers have their own department for IT security management.
Source: EHI Retail Institute

The theft of 40 million credit and debit card numbers and other personal data of 70 million customers of U.S. discount retailer Target, for example, made headlines beyond the borders of the United States. It is still the largest case of data theft in U.S. retail. Home Depot (56 million stolen credit card numbers and 53 million exposed email addresses) as well as Michaels (three million stolen credit and debit card numbers) are also among the most prominent victims.

Cyberattacks are on the rise – digitization is also to blame

In a recent survey by Capgemini Consulting, 44 percent of all companies in the “consumer goods & retail” industry reported having been the victim of a cyberattack at least once. The advancing digitization in stores in particular, with new services like free Wi-Fi for customers or digital in-store services such as QR codes and navigation apps, creates new risks. If they are insufficiently secured, these services can also become entry points for cyber criminals.

To get to know their customers better, retailers store far more personal data than they used to, ranging from customer purchase history to detailed profiles generated primarily through loyalty programs. And needless to say, the increasing amount of data also increases the incentive to steal it.

Serious repercussions for retail companies

Many retailers are actually oblivious to the consequences of data theft on a grand scale, which is why they also underestimate the required investment or even completely forgo security solutions. Cyber criminals obviously don’t steal any tangible assets (such as cash). However, they potentially wreak even more havoc through data theft. After all, when serious cases of data breaches become public, retailers need to invest significantly in communications with their customers.

In the months immediately following the theft of customer information, Target, for example, invested a whopping 61 million U.S. dollars in customer communication to put its concerned customers at ease. Added to this are potential payments resulting from the retailer’s promise to its customers to pay any fraudulent charges that can be directly traced back to the data breach. All of this resulted in Target’s profit falling 46 percent during the subsequent Christmas season. Other retailers, Staples for instance, even offered to bear the costs of identity theft protection for their potentially vulnerable customers – for example, credit monitoring services or free credit reports.

Data theft has major consequences, especially for retailers.
Source: Bildagentur PantherMedia / ventanamedia

Added to this is the fact that digital theft is harder to quantify and measure than, for example, the loss of cash. What’s more, hackers might have stolen or copied more data than it first appears. At the same time, there is always a risk that previously undetected malware remains in the network and might lead to further losses at a later point in time.

Centralized threat assessment – segmentation of network resources

In the case of a typical data leak in retail, data collected at the POS is shifted to other parts of the network where it actually does not belong. In a white paper on network security in retail, Dell recommends a zone-based security concept. When retailers split network interfaces such as customer computers, inventory servers and back office databases within the network into separate zones, it is easier to ensure that only authorized users have access to the respective zones. In this case it would mean that data from the POS is only forwarded to payment processing, but data transmission to other areas of the network would effectively be impossible. 

This is certainly an effective method to quickly detect unauthorized data transfer, or ideally to prevent it entirely. However, consolidating data is just as important. When information about various network threats is consolidated in the cloud, the available computing power is simply higher, which in turn results in shorter response times and enables a more effective defense against security threats. 

The key to effectively protecting a retail network, on the one hand, lies in segmentation to quickly identify unauthorized data transfers. On the other hand, information on network threats needs to be synchronized in the entire company, so that you can take action against the attack on a broad scale.
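
The zone rule described above (POS data may only be forwarded to payment processing) can be checked against flow records. The following Python code is an added example, not part of the original article or of Dell's white paper; the address ranges, the back office to inventory rule and the flow records are constructed assumptions.

```python
import ipaddress

# Zone names follow the article; the CIDR ranges are constructed for this example.
ZONES = {
    "pos": "10.10.0.0/24",
    "payment_processing": "10.20.0.0/24",
    "inventory": "10.30.0.0/24",
    "back_office": "10.40.0.0/24",
    "customer_wifi": "192.168.50.0/24",
}
# Default deny between zones. The first pair is the rule from the article,
# the second is an assumed extra rule to show how the policy is extended.
ALLOWED = {("pos", "payment_processing"), ("back_office", "inventory")}
_NETS = [(ipaddress.ip_network(cidr), name) for name, cidr in ZONES.items()]

def zone_of(ip):
    """Return the zone an address belongs to, or 'external' if it is in none."""
    addr = ipaddress.ip_address(ip)
    for net, name in _NETS:
        if addr in net:
            return name
    return "external"

def check_flow(src, dst):
    """Classify one flow as (verdict, src_zone, dst_zone); same-zone traffic is allowed."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz == dz and sz != "external":
        return ("allow", sz, dz)
    return ("allow" if (sz, dz) in ALLOWED else "deny", sz, dz)

def violations(flows):
    """Return (src, src_zone, dst, dst_zone, bytes) for every denied flow."""
    out = []
    for src, dst, nbytes in flows:
        verdict, sz, dz = check_flow(src, dst)
        if verdict == "deny":
            out.append((src, sz, dst, dz, nbytes))
    return out

# Constructed flow records: (initiator IP, responder IP, bytes transferred).
SAMPLE_FLOWS = [
    ("10.10.0.21", "10.20.0.5", 4200),      # POS -> payment processing
    ("10.10.0.21", "10.40.0.9", 88000000),  # POS -> back office
    ("192.168.50.77", "10.10.0.21", 640),   # customer Wi-Fi -> POS
    ("10.10.0.22", "203.0.113.10", 51200),  # POS -> outside the network
    ("10.40.0.9", "10.30.0.3", 900),        # back office -> inventory
]

if __name__ == "__main__":
    for v in violations(SAMPLE_FLOWS):
        print("DENY %s (%s) -> %s (%s), %d bytes" % v)
```

Run against the sample records, the check flags the POS to back office transfer, the customer Wi-Fi connection to a POS terminal and the POS connection leaving the network.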

Author: Daniel Stöter, iXtenso.com
