A recent news story from Krebs on Security reported, “‘BriansClub’, one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.”1
One has to ask why retail organizations are so easily breached. How is it possible to lose vast quantities of sensitive customer data to global criminal enterprises such as BriansClub? The answer: retail networks are among the most complex IT environments of any industry, if not the most complex. In this paper, we’ll explore the key cyber security issues within the retail environment and suggest ways security professionals can better protect their retail operations.
Retail environment: Complexity everywhere

On the front end, online and brick-and-mortar retailers welcome transactions that originate from customer-owned devices. To meet digital transformation initiatives, traditional retailers are employing IoT devices, such as chip readers for automatic checkout, and location-based beacons that can send alerts to customers’ smartphones, pitching loyalty discounts and in-store offers. To ensure product availability, some retailers are employing smart shelves that detect weight changes and product movements using RFID tags and sensors. Put it all together, and omni-channel and smart-store technologies are blending online, in-store, and location-based services for seamless customer experiences. All of this requires complex IT services. And to top it off, retail chains must make it happen at widely distributed store locations.
A retailer’s back-end operations can be equally complicated, as they employ several connected business technologies. These include Point of Sale (POS), Electronic Data Interchange (EDI), automatic identification, and other technologies that integrate supply chains for Quick Response programs that minimize inventory and labor costs.
But as widely reported in headline media coverage, retail systems are being hacked. Four U.S. restaurant chains reported the compromise of their payment systems with malware that stole customers’ payment card information.2 “As payment card data passed through a restaurant’s server, the PoS malware copied from the magnetic stripe the card number, expiration date, and internal verification code; the cardholder’s name was also available in some cases.”3