4 Emerging Retail Cybersecurity Threats (and How to Stop Them)

Bryana Dacri | October 2, 2018

The retail industry has always been a favorite target of cyber criminals. We all remember major data breaches like those that affected Target, TJX, and Home Depot — but the truth is that cybersecurity threats have been a daily concern of retailers for a long time.

Point of Sale (POS) system hacks, payment card skimmers, and denial of service attacks have historically been among the most problematic security issues for retailers. Thankfully, recent technological advancements like the rise of EMV chip cards have reduced the significance of some of these attack vectors.

However, cyber criminals continue to innovate and evolve their methods. As old avenues get blocked, new tunnels appear. These emerging retail cybersecurity threats have the ability to create outages and data breaches big and small.

1. Refund Fraud

Refund fraud is a digital evolution of an old physical scam. According to Booz Allen Hamilton, it was one of the major threat vectors retailers faced during the 2017 peak season.

Here’s a basic version of how it works:

  1. A criminal generates a fake receipt, then dupes the retailer into providing a refund for goods that were never purchased.
  2. Alternatively, they might purchase an item online, claim it never arrived, and request a refund.
  3. Finally, they might purchase an item using stolen payment card information, then request that a refund be processed to a different credit card.

Generating these false receipts turned out to be big business on the dark web. For less than $20 USD, you too could buy a forged receipt that could be used to defraud your favorite retailer. According to Booz Allen Hamilton, these dark web “storefronts” don’t typically try to mask their activities, and therefore don’t stay open for very long. But as soon as one shuts down, another one pops up, making refund fraud a continuing issue for retailers.

Stopping this fraud won’t be easy, but understanding the current refund fraud landscape can help retailers identify suspicious “customers.” For example, most refund frauds are now occurring via phone support. By training call center reps to be more attuned to the signs of refund fraud, retailers may be able to curb its effects.

2. IoT Vulnerabilities

The internet of things is poised to be one of the next great innovation frontiers for brick and mortar retailers. Many companies are already starting to use IoT devices for merchandise tracking, predictive equipment maintenance, and foot traffic analysis.

However, all of these new connected devices represent possible points of entry for cyber criminals. As the cybersecurity industry and government regulators struggle to keep up with the explosion of IoT devices, retailers need to weigh the costs and benefits associated with being on the leading edge of connected device usage.

At the very least, every retail IoT device should be kept up to date with all software patches.

3. Gift Card Hacking

In 2015, a cybersecurity researcher revealed a critical vulnerability in many retailers’ gift card systems that would allow hackers to steal funds right out of the balances of unsuspecting recipients.

Here are the basics: The hacker collects some unloaded gift cards from a retail store. They identify the pattern in the cards’ identification numbers. In many cases, the number of variable digits in these cards will be extremely small. Then the hacker uses the retailer’s own balance-checking website and brute forces number combinations until one with value appears. They can then use this card to make an online purchase.

In an age when many retail cybersecurity threats are exceedingly complex, retailers should ensure they’re not overlooking simple risks like this.
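One way to spot the balance-check brute forcing described above is to look for a single client querying many distinct card numbers, mostly unsuccessfully, in a short window. This is an added example, not code from the original article; the log format, thresholds, IP addresses and card numbers are constructed assumptions.

```python
import os
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: timestamp, client IP, card number, lookup result.
SUFFIXES = ["01", "17", "23", "38", "44", "52", "69", "75"]
SAMPLE_LOG = [
    f"2018-10-02T10:00:{2 * i:02d} 203.0.113.7 60064912000041{s} "
    + ("ok" if i == 7 else "not_found")
    for i, s in enumerate(SUFFIXES)
] + [
    "2018-10-02T10:00:05 198.51.100.20 6006491200007730 ok",
    "2018-10-02T10:03:10 198.51.100.20 6006491200007730 ok",
    "2018-10-02T10:01:00 198.51.100.33 6006491200003310 not_found",
    "2018-10-02T10:01:20 198.51.100.33 6006491200003319 ok",
]

def find_enumeration(lines, window=timedelta(minutes=1),
                     max_cards=5, min_miss_ratio=0.8):
    """Flag clients that check more than max_cards distinct card numbers
    inside any sliding window, with mostly failed lookups."""
    events = defaultdict(list)
    for line in lines:
        ts, ip, card, result = line.split()
        events[ip].append((datetime.fromisoformat(ts), card, result))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Shrink the window until it spans at most `window` of time.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            cards = {card for _, card, _ in win}
            misses = sum(result == "not_found" for _, _, result in win)
            if len(cards) > max_cards and misses / len(win) >= min_miss_ratio:
                flagged[ip] = {
                    "distinct_cards": len(cards),
                    # A long shared prefix means only a few digits vary.
                    "shared_prefix_len": len(os.path.commonprefix(list(cards))),
                }
                break
    return flagged

if __name__ == "__main__":
    for ip, stats in find_enumeration(SAMPLE_LOG).items():
        print(ip, stats)
```

A customer who rechecks one card, or mistypes a digit once, stays under both thresholds; only the client walking through many near-identical numbers is reported.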

4. Supply Chain Attacks

From the factory to the customer’s front door, technological improvements to the retail supply chain have made shopping faster and more convenient. However, the increasing connectivity between a retailer and its many third-party connections also increases the risk of a data breach.

There is a long history of hackers breaking into third-party companies in order to access the first party’s treasure trove of data. Two of the largest retail data breaches in history (Target and Home Depot) were both the result of third-party attacks.

In addition to the threat of data breach, retailers must also be concerned with major business interruptions caused by outages at their suppliers. As we’ve seen before, a hack of one shipping or transportation company can cause major logistics headaches, especially during peak season.

In order to protect themselves from supply chain attacks, retailers need to gain an accurate, continuous view of their third parties’ cybersecurity performance. Luckily, tools like BitSight Security Ratings have made it easier than ever for retail companies to manage cyber risk.
