As hacker techniques are becoming more sophisticated during COVID-19, the retail industry is more vulnerable to cyberattacks.
Credit card data and personally identifiable information (PII) are stolen, aka scraped, in almost every attack in order to gain a reward, usually in the form of money or credit, and the data is often eventually converted into revenue or bartered online via illicit data trading. Cybercriminals commonly steal credit card data with techniques such as payment card skimmers, especially targeting businesses without modern chip and pin technology and/or downgrading chip and pin to the antiquated magnetic strip.
How antiquated is magnetic strip encoding? Did you know that magnetic storage technology dates back to World War II? Consider also that most places in Europe do not allow a service person, e.g. in a restaurant, to walk away and run a client’s credit card. The machine is brought to the client. Solutions such as this should be considered given the new normal post-COVID-19.
If you have fully adopted chip and pin technology – great! However, your readers are computers, and those systems must be constantly updated. We have seen many breaches occur when modern malware scrapes credit card data while the data is in memory and/or being processed. A less technical method is shoulder surfing. Your customers’ credit and debit card PINs are private. Keep them that way. Do your machines shield PIN entry from prying eyes and from hidden cameras that a malicious employee can install? Where cybercriminals cannot break in via cyber, they either recruit employees at your business, via the web, or they actually apply for positions at your business.
[Image: example of a credit card machine using a magnetic strip without a shield against prying eyes or hidden cameras.] [Image: credit card machine with a shield against prying eyes or cameras.]
Data breaches, point-of-sale attacks, the creation of sophisticated new forms of malware and the introduction of “cybercrime-as-a-service” are now key issues affecting the security of credit card data. To better understand this growing concern, here are a few key highlights:
- Despite the implementation of EMV technology, credit and debit card fraud alerts are up 15% from two years ago (Elan Financial Services).
- Thirty-one percent of U.S. adults have received a fraud alert regarding a credit card (CreditCards.com).
- Credit card fraud topped the list of identity theft reports in 2018. The Federal Trade Commission (FTC) received more than 167,000 reports from people who said their information was misused on an existing account or to open a new credit card account (Federal Trade Commission).
- Consumers reported $905 million in total fraud losses in 2017, a 21.6% increase over 2016 (Experian).
- According to the FTC, nearly 1.7 million fraud reports including identity theft and other reports occurred in 2019 (Federal Trade Commission).
- Consumers reported losing more than $1.9 billion to fraud in 2019 (Federal Trade Commission).
- Visit Experian for additional credit card fraud statistics and information.
To help keep customer data safe, even in cases where criminals manage to compromise systems, retailers should keep PII, financial data and POS information separate from all other data stored internally. Choosing a reliable payments partner with leading-edge technology may help mitigate the threat to credit card issuers and cardmembers. Finally, as a precaution, businesses that use credit card point of sale (POS) machines to process data should frequently inspect their POS terminals and swiping equipment for skimming devices.
Ultimately, to better protect a business and stay in line with recent regulatory laws such as the General Data Protection Regulation (GDPR), CCPA, etc., organizations should collect the least possible amount of PII on customers, have a clear purpose for each data element, and always keep data encrypted and safeguarded, both in transit and at rest.
Here are some ways to safeguard yourself:
- Ensure your firewalls are secure
- Store data in secure locations on your servers
- Make sure that you collect only the minimal data needed to market to your customers, and keep that data encrypted
- Talk to your tax and legal advisors about how to reduce your risk in these areas
- Request a Withum Open Source Intelligence Report without charge for a limited time only.
Please reach out to our cybersecurity experts to ensure your organization’s data is protected.