The retail industry kicked off 2024 in the Big Apple at NRF 2024: Retail’s Big Show. Produced by National Retail Federation, the world’s largest retail trade association, the aptly named annual convention brings in nearly 40,000 attendees, 6,200 brands represented from over 100 countries and over 1,000 exhibitors – all gathering to explore new technology and ideas among the industry’s brightest.
NRF is known as the event that brings innovation and inspiration, and retailers must have shown up at NRF 2024 with a pep in their step after a record year of retail sales growth. This year’s holiday sales increased 3.8% over 2022, reaching a record of $964.4 billion, while overall sales in 2023 grew 3.6% over 2022 to a record $5.13 trillion.
Various payment options for consumers have contributed to the growth in retail sales.
Online sales in 2023 were up 8.2% at $276.8 billion, up from $255.8 billion in 2022. Insider Intelligence predicts that in 2024, retail ecommerce sales will grow 10.1% YoY, while non-ecommerce sales will only grow 2.0% YoY.
With Growth Comes Risk
Retailers know that with growth comes an increased risk of cyber security threats. In fact, theft of payment card data remains one of the most common cyberattacks in retail, accounting for 37% of breaches this year, according to Verizon’s 2023 Data Breach Investigations Report (DBIR).
Costs of a breach add up quickly for organizations. IBM’s Cost of a Data Breach report revealed that the average cost of a breach in 2023 reached a record-high of $4.45 million.
It’s not just payment data cyber thieves are after. Per IBM’s report, personally identifiable information (PII) – social security numbers, passport information, credit card details, banking records, and medical records – was stolen in 52% of data breaches, costing companies $183 per record in 2023.
Ransomware Continues
Some security experts recommend solutions for data breaches that occur because of internal issues, such as cloud misconfigurations, lack of permissions control, infrequent software updates or inadequate firewalls. These strategies involve costly investments – monitoring systems, employee training, etc. – that help organizations “defend the fort” against cyber threats. However, as data breach statistics significantly rise year over year, it is evident that cyber thieves will continue their efforts to breach systems and steal sensitive data.
Efforts like ransomware have proved to be a successful tactic for hackers. Sophos’ report The State of Ransomware 2023 found that of the 3,000 IT professionals surveyed, around 2 in 3 organizations suffered a ransomware incident in the last 12 months. The retail sector was among the most targeted, with 69% reporting recent ransomware attacks.
In the omni-channel world of retail payments, cyber security will continue to be top-of-mind for retail organizations. What is the best way to address the current problem of retail payment security?
Bluefin, a pioneer in safeguarding sensitive data and exhibitor at NRF 2024, addressed the current problem of retail payment security while at the show.
“Due to the evolution of omni-channel commerce, retailers have many at-risk areas they must address from a security perspective. From cards on file, card-present transactions, mobile ordering and e-commerce, as well as different types of payment methods have to be secured. Whether they are using PCI-validated point-to-point encryption (P2PE) for card-present transactions or tokenization for cards on file or e-commerce transactions, retailers need to remove all types of cardholder data out of their networks. And because retailers leverage PII data, it is very important to secure that data, as it is just as valuable as cardholder data.” – Sean Gately, VP Security Solutions at Bluefin.
Gately emphasizes the importance of partnering with security industry experts to navigate through payment compliance requirements, such as PCI DSS 4.0. Additionally, Gately believes devaluing sensitive data is the key to a secure payment strategy.
“There are basically two ways that retailers can address evolving cyber threats. You can defend the data by building expensive systems to prevent hackers from breaching your network. Or you can devalue the data, leveraging encryption and vaultless tokenization technologies that render data useless to hackers when the inevitable data breach occurs.” – Gately
Learn more about Bluefin’s PCI-validated P2PE and vaulted tokenization solution, ShieldConex, to devalue your data today.