Sad to say but the retail hacks of 2013 and earlier this year are almost old news. Reports of more companies falling victim to cybercrime and the disastrous effects of stolen sensitive data, monetary losses, and decimated customer trust are almost numbing.
And downright scary. A recent study conducted by the Economist Intelligence Unit with 360 senior business leaders worldwide found that 77% experienced a security breach within the last 2 years. And yet 38% admitted they do not have a plan in place if an attack were to occur. The overall message – it’s not IF, it’s WHEN you will become victim of a breach.
Trends are also showing that the “WHEN” for a breach could be right around the corner. Credit card breaches were once attributed to hackers in Eastern Europe running underground cybercrime organizations. But today’s local criminals are now getting in on the action. Card Wash: Card Breaches at Card Washes by Brian Krebs exposes how street gang members in the U.S. recently ran a credit card ring involving 40 car wash locations around the nation.
Really? First our favorite retailers, then a delicious chain restaurant and now…gangs hijacking car wash payment systems?! The car wash locations effected were all using an out-of-date version of the same point-of-sale (POS) system that allowed remote access of devices that was granted to anyone who knew the same set of default credentials. Credit card data was stolen and then sold to thieves who used the data to purchase gift cards at local retail stores as well as host new stolen card data.
Ok, enough of the Debbie-downer Monday commentary. Yes, hackers are now everywhere, and they don’t care how big or small your business is – as long as you have credit card data. But while there is no single solution to avoid a breach, there are basic steps like simply changing passwords on a regular basis that merchants can take, to seriously considering the future of their business and adopting a holistic security approach that includes EMV, Tokenization and Point-to-Point Encryption. Ultimately, it will be up to each business to decide on how they will protect their employees and customers – because there is no size, geography, retail type or revenue boundary to breaches anymore.