Vulnerability Management in Independent Retail Stores

By Elie Y. Katz, President and CEO, National Retail Solutions

In the independent retail arena, there’s an unrelenting threat lurking that can set back your store’s operations, public reputation, credit ratings, and ultimately your profits. This risk has nothing to do with whether your inventory is up-to-date, your staff’s customer service skills, or bills paid on time during an economic downturn. This hazard, silent and ominous is technological vulnerability.

Cybercriminals regularly attempt to pillage a business owners’ revenue generation potential. Cybercrime and fraud on physical and online retail purchases includes the theft of store owners’ and their customers’ sensitive personal data. Credit card fraud is a number one concern, followed closely by identify theft. Sophisticated data hackers utilize many tricks, including scam email phishing expeditions to trick people out of critical personal information.

As a responsible retailer, you must be aware that thinking that your store isn’t vulnerable because it’s small is a fallacy. While many of the data hacks that make the news involve large chain stores and banks, bad actors may very well practice their skills and target small, independent stores as often or more than large corporations. They may take advantage of Mom ‘n’ Pop shops, with an assumption that smaller stores have more vulnerability than larger operations. According to Fundera.com, one in five small businesses fall victim to a cyberattack and of those, 60 percent go out of business in six months.

Yet, vulnerability protection is not complicated, doesn’t cost a lot and is easy to implement. With vulnerability management, owners of small to mid-sized retail establishments can rest easy knowing their data is guarded like a fortress.

One method of fraud is attained through phishing emails, when an email asks the recipient to open an attachment that contains a virus, malware or ransomware that can infiltrate devices and steal credit card processing information and sensitive data. Such emails are so advanced that they may come from a sender identified as a boss, colleague, distributor, friend or other seemingly trusted person. In addition to setting off hacking software, these emails may ask you to provide personal information for a number of nefarious reasons.

Pay close attention to the email address. An email whose sender comes up as familiar may be coming from a suspect address that doesn’t match the sender’s identity. Delete these emails immediately. Also be on guard for calls to your store, or texts to your cell phone, requesting sensitive information.

Research different types of scams. If you don’t pay attention to cybercrime, you do so at your own peril. With a data breach, merchants risk losing money – and customers. A retailer may be insured but insurance rates will skyrocket if there is an incident. Consumers whose data was compromised at your location, will no longer trust or patronize your establishment. You may even face lawsuits from customers that trusted your business to safely transact and secure their data.

You can successfully prevent and manage data vulnerability. Make sure that payment acceptance equipment in your store is PCI compliant. PCI is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. PCI compliance is typically most stringent with credit card processing. This would also apply to a point of sale (POS) system that also allows credit card payment within one same device. Careful handling and storage of customers’ data plus use of PCI-compliant hardware fall into this category.

POS systems have evolved from simple cash registers and a cash-filled shoe box in a drawer, to technologically advanced checkout, with acceptance of various forms of payment. Some POS systems offer a more vulnerable all-in-one solution with built-in credit card processing. Less vulnerable are those POS with a separate, PCI compliant credit card reader that’s integrated with the POS system to process transactions. The latter is the way to go. An all-in-one POS approach makes it too easy for thieves to steal data.

Another way for merchants to mitigate vulnerability in their POS, is by connecting it to hard-wired internet rather than Wi-Fi. Via Wi-Fi, hackers can gain unauthorized entry into your back office. Hard wiring your internet to your store’s POS system ensures that your internet signal cannot be intercepted.

Point of sale systems are typically either cloud-based or window platform-based. Data breach and vulnerability levels are greatly reduced with a cloud-based system. Windows systems are prone to hacking, attacks and glitches and require more maintenance. Data stored in the cloud is encrypted, or scrambled, making it far more difficult for cyber criminals to access.

Cybercrime is an insidious and pervasive issue facing today’s retailers. As technology advances, criminals are becoming more sophisticated. By making wise decisions regarding the handling and storage of sensitive information, a business owner can reduce their chances of falling prey to cyber criminals, gain piece of mind, and have one less detail to worry about while running the busy operations of their store.

Website details:https://nrsplus.com/

Hot Topics

Related Articles