4 Common Retail Security Threats (and How to Stop Them)

Bryana Dacri | October 2, 2018 | tag: Retail

The retail industry has always been a favorite target of cyber criminals. We all remember major data breaches like those that affected Target, TJX, and Home Depot — but the truth is that retail security threats have been a daily concern of retailers for a long time.

Point of Sale (POS) system hacks, payment card skimmers, and denial of service attacks have historically been among the most problematic retail security threats across the industry. Thankfully, technological advancements like the rise of EMV chip cards have reduced the significance of some of these attack vectors.

Cyber criminals are continuing to innovate and evolve their methods. As old avenues get blocked, new tunnels appear. These emerging retail security threats have the ability to create outages and data breaches big and small.

1. Refund Fraud

Refund fraud is a digital evolution of an old physical scam and was one of the major retail security threat vectors faced during the 2017 peak retail season.

Here’s a basic version of how it works:

  1. A criminal generates a fake receipt, then dupes the retailer into providing a refund for goods that were never purchased.
  2. Alternatively, they might purchase an item online, claim it never arrived, and request a refund.
  3. Finally, they might purchase an item using stolen payment card information, then request that a refund be processed to a different credit card.

Generating these false receipts can be big business on the dark web. For less than $20 USD, you too could buy a forged receipt that could be used to defraud your favorite retailer. According to Booz Allen Hamilton, these dark web “storefronts” don’t typically try to mask their activities, and therefore don’t stay open for very long. But as soon as one shuts down, another one pops up, making refund fraud a continued retail security threat.

Understanding the current refund fraud landscape can help retailers identify suspicious “customers.” For example, some refund frauds occur via phone support. By training call center reps to be more attuned to the signs of refund fraud, retailers may be able to curb its effects.

2. IoT Vulnerabilities

The Internet of Things (IoT) was one of the greatest innovation frontiers for brick-and-mortar retailers, which use IoT devices for merchandise tracking, predictive equipment maintenance, and foot traffic analysis.

However, each of these connected devices is a possible point of entry for cyber criminals. As the cybersecurity industry and government regulators work to keep up with the many different use cases for IoT devices, retailers need to weigh the costs and benefits associated with being on the leading edge of connected device usage.

3. Gift Card Hacking

In 2015, a cybersecurity researcher revealed a critical retail security threat in many retailers’ gift card systems that would allow hackers to steal funds right out of the balances of unsuspecting recipients.

Here were the basics: The hacker collects some unloaded gift cards from a retail store. They identify the pattern in the cards’ identification numbers. In many cases, the number of variable digits in these cards will be extremely small. Then the hacker uses the retailer’s own balance-checking website and brute forces number combinations until one with value appears. They can then use this card to make an online purchase.
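On the defensive side, the balance-checking site is where this pattern becomes visible: one client looks up many card numbers that differ only in their last few digits, and most lookups miss. The following is an added example, not part of the original post; the log format, thresholds, and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from os.path import commonprefix

WINDOW_S = 300          # assumed look-back window, in seconds
MAX_DISTINCT = 5        # assumed: a real customer checks only a few cards
MIN_SHARED_PREFIX = 12  # assumed: digits shared when only a few digits vary
MIN_MISS_RATIO = 0.8    # assumed: guessing produces mostly failed lookups

def find_enumerators(events):
    """events: (epoch_seconds, client_id, card_number, had_balance), time-sorted.
    Returns {client_id: reason} for clients to throttle, challenge, or review."""
    recent = defaultdict(deque)  # client -> lookups inside the window
    flagged = {}
    for ts, client, card, had_balance in events:
        q = recent[client]
        q.append((ts, card, had_balance))
        while q and ts - q[0][0] > WINDOW_S:
            q.popleft()          # drop lookups older than the window
        cards = {c for _, c, _ in q}
        if len(cards) <= MAX_DISTINCT:
            continue
        misses = sum(1 for _, _, ok in q if not ok)
        if len(commonprefix(list(cards))) >= MIN_SHARED_PREFIX:
            reason = "pattern-enumeration"   # same prefix, varying tail
        elif misses / len(q) >= MIN_MISS_RATIO:
            reason = "high-miss-rate"        # many guesses, few hits
        else:
            continue
        flagged.setdefault(client, reason)   # keep the first reason seen
    return flagged

def sample_events():
    # Constructed sample log: not real card numbers or client addresses.
    ev = [(1000 + 2 * i, "203.0.113.7", f"60064900000010{i:02d}", i == 6)
          for i in range(8)]
    ev += [(1003, "198.51.100.4", "6006491234567890", True),
           (1400, "198.51.100.4", "6006499876543210", True)]
    return sorted(ev)

if __name__ == "__main__":
    print(find_enumerators(sample_events()))
```
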

4. Supply Chain Attacks

From the factory to the customer’s front door, technological improvements to the retail supply chain have made shopping faster and more convenient. However, the increased connectivity between a retailer and its many vendors also increases the risk of a data breach.

There is a long history of hackers breaking into third-party companies in order to access the first party’s treasure trove of data. Two of the largest retail security breaches in history (Target and Home Depot) were both the result of third-party attacks.

In addition to the threat of data breach, retailers must also be concerned with major business interruptions caused by outages at their suppliers. As we’ve seen before, a hack of one shipping or transportation company can cause major logistics headaches, especially during peak season.

To protect themselves from the supply chain side of retail security threats, retailers need to gain an accurate, continuous view of their third parties’ cybersecurity performance. Luckily, tools like BitSight Security Ratings have made it easier than ever for retail companies to manage cyber risk.

This post has been updated as of October 21, 2020.
