Friday, December 4, 2015
The National Retail Federation and security analysts are urging merchants and consumers to remain vigilant during the high-peak shopping season, noting that high-volume sales may provide additional opportunities for cybercriminals to attack vulnerable POS infrastructures. Among the chief concerns is the notion that retailers that have upgraded Europay, MasterCard and Visa (EMV) payment systems have solved the security issue. EMV is a good start but far from a silver bullet, some analysts have noted.
"EMV technology ensures that the physical card being presented for payment isn't a fraudulent card, so EMV in and of itself is not a security technology," said Steve Robb, Senior Vice President for ControlScan Inc., a provider of managed security and compliance services. "True POS security involves people, processes and technologies that protect data while it's at rest and in transit. For example, properly configured firewalls need to be in place and actively monitored."
For the first time in U.S. history, total digital commerce surpassed $3 billion on Cyber Monday in 2015, a 21 percent increase over the previous year. Amazon Inc., Wal-mart Stores Inc., eBay Inc., Target Corp. and Best Buy Inc. were the top five e-commerce websites, according to comScore, a data analytics company.
"Despite some talk of Cyber Monday declining in importance, the day's historical highs and continued strong growth rates confirm it is a hugely important shopping event," said Gian Fulgoni, comScore Chairman Emeritus.
Increasing e-commerce traffic coupled with heightened in-store security and ongoing EMV adoption will push cybercriminals to online retail sites, data security analysts have said. HyTrust, a cloud control and security company, has seen a marked increase in cyber attacks, from nation-sponsored espionage to cyber criminals stealing data from major retailers.
"Being compliant with industry regulations does not mean you're secure," said Eric Chiu, HyTrust co-founder and President. "No company is immune to attack and security must be a top priority rather than an afterthought or insurance plan."
Following are Chiu's recommended strategies for merchants and consumers throughout and beyond the holiday shopping season:
Chiu urged companies to make data security a strategic priority, noting that good planning and employee training can go a long way. "Not only are CEOs losing their jobs over breaches, but the costs are staggering, including legal costs, remediation, credit monitoring, notification, brand damage and downtime resulting from a breach," he said.
Vann Abernethy a Security Specialist at NSFocus, a global network security provider with U.S. offices in Santa Clara, Calif., recommends installing a firewall and routinely screening all third-party suppliers to spot any coding or errors that might lead to compromise. "Retailers should enforce strong authentication for any administrators who access these systems, and limit that access to the bare minimum," he said, further noting that both insider threats and potential breaches can be caused by "trusted" users accessing critical systems while under compromise themselves. "Have a strategy to deal with DDoS attacks, as these may be smokescreens for data exfiltration, or other fraudulent activity."
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.