The retail industry has always had to deal with the possibility of theft but historically done in person through supply chain thievery or shoplifting. The digital world has created many new threats, and the retail industry is facing unprecedented attack, particularly from cyber crime.
Here’s what you need to know.
The growth of cyber attacks against the retail industry could be said to have three primary reasons:
- A continued increase in e-commerce as consumers continue to utilize digital platforms
- A growing quantity of available data for hackers, such as the personal information gathered in shopping incentive programs
- Copycat actors, which means that as cyber attacks against the retail industry succeed, other cyber criminals repeat those actions, further spiraling out of control
Crimes against the retail industry occur around the globe, costing economies hundreds of millions. No nation with a retail sector is immune to threats against cyber security in retail.
Cyber criminals attack retail from many angles, but it might help to know what some of those criminal possibilities are so that one can better prepare to safeguard against them. Here are some of the major ways in which the retail industry suffers from cyber attack, as well as some of the potential points of weakness.
- Credit card theft—Stealing credit card numbers remains a primary target for cyber criminals. While advances in technology, such as chip card protection, have improved the security of credit card numbers at checkout, online purchases and source hacking of third-party e-commerce providers remain points of weakness.
- Data theft—Whether through phishing scams or outright hacking, criminals seek the personal data of consumers. Such data can be sold on the cyber black market as well as used for other nefarious purposes, such as identity theft. Thanks to a growing number of incentive programs, which increase customer loyalty, retailers may have a great deal of identifying information on file (addresses, phone numbers, email accounts, etc).
- Account takeovers—Just because cyber criminals cannot always steal credit card numbers, doesn’t mean they cannot engage in online theft. If they steal the account credentials of shoppers, they can make fraudulent purchases through stored data.
- Refund fraud—When cyber criminals cannot steal directly, they can also engage in refund fraud online. Again, most retailers have solved the problems of refund fraud with in-person shopping, but the cyber security in retail is another angle to address.
- Weak points in digital supply chain—Even when retailers shore up defenses at the point of sale, the industry has become increasingly reliant on digital commerce. If anyone in the supply chain fails to update systems against cyber attack or gets hacked, huge sectors of the industry get hit.
Adding to these possibilities is the damage to public relations. A cyber security attack costs repair time and money, but also the PR impact of such an attack.
Since the problem of cyber security in retail is multi-faceted, the solutions must be as well. For one, retail companies and their employees would benefit from an increase in cyber security intelligence and safety protocols, but so would consumers. Requiring high-level passwords for a site does not prohibit a user from repeating passwords between sites, yet doing so compromises every site for which a password is repeated.
Complicating the matter is the fact that consumers are notoriously faithless: if you slow commerce down with increased cyber security measures, you can cost yourself business. In a digital world, ease of purchase is possibly just as important (or perhaps even more so) to customers as security of purchase.
Effective solutions require actionable cyber security intelligence and a thorough game plan.