Cybersecurity Lessons from 3rd-Party Breaches in Big Retail

Cybersecurity Lessons in Big Retail

What can SMB’s learn from high-profile security breaches in large retail businesses? These cybersecurity lessons in retail can help prevent a security breach from occurring in your big retail business.

IT Retail Security Gaps

Retail IT security has traditionally been reactive and underfunded. From a technological standpoint, retailers have always approached PCI (Payment Card Industry) compliance as a checkbox exercise. Compliant security has resulted in insufficient data protection and poorly integrated point-of-sale solutions that are dispersed across a large geographic area. Furthermore, due to deployment, maintenance, and training problems, endpoint security on point-of-sale systems is frequently overlooked. Retailers are hampered in mitigating security threats due to a lack of staffing and competing objectives, leaving many retailers to delegate important security duties to auditors, contractors, and stores.  

Refund Fraud

Another common hacker tactic is refund fraud. What is the mechanism behind it? There are several choices, including:

A hacker makes a bogus receipt, which means you give them a refund for something they didn’t buy. On the dark web, some fraudulent receipts are for sale.

Someone purchases something with stolen credit card information and then requests a refund to be sent to a different card.

Someone makes it appear as if their package never arrived, leading you to issue a refund. If a person complains about your business on social media, this is a good strategy to use. When it happens once or twice, refund fraud may not seem like a big deal. Scammers and hackers, on the other hand, can work at any level, and you could end up losing a lot of money.

Third-Party Security is a Priority

Third-party IT security breaches have affected innumerable organizations, with high-profile breaches at Home Depot and others making national news. Other organizations that have experienced third-party data breaches include Amazon, T-Mobile, eBay, Macy’s, and Target, which demonstrates how prevalent they are in this day and age.

Key Takeaways for ALL organizations – retail or not

A chain is only as strong as its weakest link.  Fraudulent actors are creative in the ways they seek to compromise business these days, and the level of access 3rd party vendors have at your organization matters.  These are all key pieces of the puzzle when considering how secure you REALLY are.  Reach out to JENLOR today to see how the lessons we’ve learned operating in the IT security landscape for over 20 years can benefit you and your organization for cybersecurity lessons in big retail.