“Recent data breach” has become a frequently searched term of late. It seems not a day goes by without word of a major retailer being attacked by a cybercriminal. The numbers certainly seem to suggest as much: last year, there was nearly a 45 percent increase in data breaches for businesses in all industries compared to 2016, according to the Identity Theft Resource Center.
No industry is immune to cyberwarfare. Indeed, of all the sectors where data breaches occurred, health care was the hardest hit, totaling 374 instances in which sensitive information was either obtained or laid bare, based on the ITRC’s calculations. Second to medical was the banking and financial services sector.
“Retailers can no longer assume an ‘It won’t happen to me’ mentality.”
It’s realities like these that have some retailers assuming an “It won’t happen to me” mentality. But with store owners and operators utilizing a variety of point of sale systems, hackers have a plethora of opportunities to gain access to information they shouldn’t be privy to, assuming stores haven’t implemented the proper security techniques and systems.
It certainly seems that this may be the case. In 2018 alone, numerous retailers have been attacked, the perpetrators using any and all means to obtain access. A partial list includes Panera Bread, Saks Fifth Avenue, Best Buy, Shoprite and Lord & Taylor.
“We have identified the issue, and have taken steps to contain it,” a Lord & Taylor spokesperson said shortly after news about the situation broke, according to The Wall Street Journal.
Meanwhile, the data breach affecting Panera Bread actually occurred in 2017, but the company didn’t reveal the extent to which customers’ information was outed until April, based on reporting from KrebsOnSecurity.
Debit card hacks up 10 percent
Part of the issue derives from more customers taking advantage of convenient banking services, like debit cards. That’s not a problem necessarily, given that most retailers accept them as part of their POS system. However, they’re not immune to identity theft when users – and retailers – don’t do their due diligence. In 2017, for example, debit cards were compromised 10 percent more frequently than the previous year, according to estimates from FICO. There was also an 8 percent uptick in debit card breaches happening at ATMs and merchant devices, like card readers and terminals set up at registers.
Debit card data is a top target for hackers.
“The number of compromises and the number of card members impacted set a new record last year,” said T.J. Horan, FICO vice president of fraud solutions. “While most devices are safe, fraudsters are developing new technology and methods for hacking ATMs.”
Horan advised users to check their credit and debit accounts regularly to ensure they recognize when payments have been authorized.
Another worrisome element to being victimized by a data theft attempt? Those attacked become that much more likely to be impacted again. That’s according to a recently released study conducted by FireEye. Based on the company’s analysis, of the businesses that experienced a “significant” breach over an 18-month period, the majority of those impacted – 56 percent – were targeted a second time within that same 18-month window. When a similar study was conducted in 2013, just 38 percent of businesses were attacked on multiple occasions.
NRF: Breach notification law needs refining
Recognizing the security risks and realities many retailers face, the National Retail Federation is calling on lawmakers to address what it says are “significant loopholes” in the yet-to-be-implemented data breach notification law. As its title implies, this type of legislation would require retailers to inform their customers about lapses in security, regardless of when, where or how they happened. Some states already have laws on the books where this is mandatory, but there’s no uniform federal law.
“The legislation being considered by the [House Financial Services] committee is an important step forward, but has significant loopholes that would allow major data breaches to be kept secret from the public,” said Paul Martino, vice president for the NRF. “We want to work with the committee to develop an airtight bill that covers all industries and ensures that all data breaches are subject to notification no matter where they occur.”
Point of sale providers need to give their merchants secure payment solutions to protect against data breaches. When employed alongside PCI guidelines, the implementation of EMV, data encryption and tokenization allows for a strong defense against potential fraudsters.