As a retailer, you most likely have a set of KPIs to measure your business performance. Whether you’re focused on refining inventory or increasing customer satisfaction, you’re regularly looking at data to measure and see if you can improve your business’s performance and your customer experience.

With the rise of social media and review sites like Yelp, more and more consumers are a click away from leaving you a good review, or a bad one that could damage your reputation.

Customer reviews aren’t the only thing to worry about. Network security is also a concern as more and more small and midsize businesses are top targets for cyber crime.

All retailers process PII (personally identifiable information), and that data is highly attractive to hackers who are forever looking for better and faster ways of breaching your network. We’ve all seen the news headlines and the effects a data breach can have on a retailer’s reputation.

Here are some key problems that retailers face and the solutions they should be aware of when it comes to cybersecurity.

Problem: Point of Sale Intrusions

Point of Sale intrusions involve a hacker placing malware on an unsuspecting POS system to capture payment card information while it’s stored in temporary memory. The hacker then leverages a remote connection to extract all the card information they can get.

What are the bad guys doing with all of these card numbers? Well, once the card numbers are collected, the card thief has a number of buddies to work with, all with the goal of getting paid. There’s someone who buys and sells the card numbers, someone who makes counterfeit cards, recruiters who find people to make purchases with the fake cards, and the people who actually make the purchases.

There are also the innocent customers who unwittingly forfeited their bank account when all they thought they were doing was buying something from the store.

Solution

Two Factor Authentication

Strengthen your POS security by implementing a two-factor authentication process (this may be a mobile app or hardware token). Ensure that your vendors are accessing your POS environment with strong authentication, and monitor login activity closely.

Visibility

Research monitoring options for your POS environment. We recommend WatchGuard Dimension, a cloud-ready network visibility solution that comes standard with WatchGuard’s UTM firewall platform. It provides data visibility and reporting tools that identify security threats, issues and trends across your network.

Segmentation

Don’t keep your POS system on the same network as the employee break room where someone is surfing the Internet for cat videos. This opens up your network to cyber threats. A cautionary tale: the compromised credentials used in the Target data breach belonged to Target’s HVAC provider who managed Target’s temperatures in their locations. The HVAC company had no need for access to Target’s POS systems, but because the network was not segmented, the access was there and the hackers were able to get into Target’s network.
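A segmentation check in this spirit, as an added example that is not part of the original article: it audits a firewall allow-list and flags any rule that lets a source outside the POS subnet reach it. The subnets, rule names and approved-source list are constructed for illustration, and the check ignores rule ordering (it treats every allow rule as reachable).

```python
import ipaddress

# Constructed addressing plan (assumption): POS terminals sit in their own subnet.
POS_NET = ipaddress.ip_network("10.20.30.0/24")
# Constructed allow-list: the only outside source with a business need to reach POS.
APPROVED_SOURCES = [ipaddress.ip_network("10.20.40.10/32")]  # e.g. a patch server

# Constructed sample rules: (name, source CIDR, destination CIDR, action)
RULES = [
    ("pos-to-processor", "10.20.30.0/24", "203.0.113.0/24", "allow"),
    ("patch-to-pos", "10.20.40.10/32", "10.20.30.0/24", "allow"),
    ("guest-wifi-any", "10.20.50.0/24", "0.0.0.0/0", "allow"),
    ("hvac-vendor", "10.20.60.0/24", "10.20.0.0/16", "allow"),
    ("breakroom-block", "10.20.70.0/24", "10.20.30.0/24", "deny"),
]


def segmentation_violations(rules, pos_net=POS_NET, approved=APPROVED_SOURCES):
    """Return names of allow rules that expose the POS subnet to outside sources."""
    findings = []
    for name, src, dst, action in rules:
        if action != "allow":
            continue
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # A broad destination such as 0.0.0.0/0 or a /16 still covers the POS subnet.
        if not dst_net.overlaps(pos_net):
            continue
        if src_net.subnet_of(pos_net):
            continue  # traffic that stays inside the POS segment
        if any(src_net.subnet_of(a) for a in approved):
            continue  # explicitly approved outside source
        findings.append(name)
    return findings


if __name__ == "__main__":
    for rule in segmentation_violations(RULES):
        print("POS segment reachable via rule:", rule)
```

The two flagged rules never name the POS subnet; they reach it only because their destinations are broad, which is the kind of unneeded access described in the Target example.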

Problem: Payment Card Skimming

If POS intrusions have hackers sneaking in through the back door, skimming takes them right to the front door with a locksmith. Payment card skimming happens when a cyber criminal implants a physical skimming device on any equipment that reads magnetic stripe data from a payment card. This could be an ATM or a gas pump or your store’s POS terminal.

Solution

Educate Staff

Train employees on how to check if tampering has occurred and integrate it as a regularly scheduled task.

Strengthen Physical Security

Purchase tamper-resistant terminals. Tamper-resistant features will make it difficult for hackers to collect cardholder information by attempting to physically access electronic components of PIN pads or terminals.

Utilize Tamper Detection Methods

Anything you can do to make tampering more obvious to the naked eye is a good thing. Monitoring surveillance footage or applying stickers to the doors of your terminals are good places to start.

Problem: Maintain PCI DSS Compliance

Maintaining PCI DSS (Payment Card Industry Data Security Standard) compliance can be a challenge. These are tough standards that just get more stringent each year. And as threats continue to evolve, PCI standards must do the same, making it difficult for many business owners to keep up with the growing and changing list of requirements. Failure to meet PCI standards will result in your acquirer paying a monthly fine ($5,000 to $100,000 per month) that they will pass along to you.

Your acquiring bank is likely to significantly increase transaction fees. It’s safe to say that though maintaining PCI certification can be challenging, it’s more challenging for you to do business without it.

Solution

Protect Your Perimeter with Firewalls

Invest in a UTM (unified threat management) solution that provides “defense in depth,” or multiple layers of security. Think of it this way: suppose you have something precious that you’re trying to keep from others. You place it in a safe. You place the safe in a closet and that closet is in a room. That room is within a house and the house has a fence. These are your layers of security and your network requires the same security.

If You Must Store Cardholder Data, Secure It

Processing cardholder data is one thing, but storing it brings another set of challenges and standards to adhere to. One of the best things you can do to achieve compliance is to take storing out of the equation entirely, and not to do it at all. If there is an absolute need for cardholder data to be stored, enable strong encryption for all stored data. Only give access to this database to people within the company who really need it and provide all parties with their own, unique credentials.

If business growth is your goal, you need to make network security a priority. As a full-suite IT and cybersecurity firm, Restech can help secure your network and your business.

 


 

 Source: WatchGuard Technologies