At any given moment, hackers are hard at work trying to make a quick buck. Anything that sells fast on the Dark Web - including, but not limited to, health records, banking information and, increasingly, credit and debit card numbers - is in their crosshairs.
With cyberthreats looming large in the past, present and future of retail, it's worth taking some time to assess the cyberthreat landscape as well as the efforts that are underway to protect customers' payment information.
Every time shoppers, restaurant patrons or hotel guests swipe a payment card at a point-of-sale terminal, they provide a business with an alarming amount of information. Names, bank data and payment card information are all exposed, and this is everything that a hacker might need to make illicit purchases.
Since 2014, POS cybersecurity has only become more contentious. New strains of sneaky, memory-scraping malware have been identified by security experts. In the past few months alone, multiple hotel chains, including Hilton and Hyatt, have announced breaches that may have resulted in credit card information of guests being stolen.
To make matters worse, cybersecurity experts are forecasting that many hackers will shift the focus of their POS cybercrime endeavors to small and medium-sized businesses, according to SC Magazine. Not to mention, the rise of the mobile POS is also creating new complications. In summary, it's quite possible that retailers may have their most challenging cybersecurity days ahead of them.
"This problem is systemic to the U.S. and won't go away anytime soon," David Burg, the top cybersecurity consultant at PricewaterhouseCoopers, told CNN in early 2014.
Keeping digital payment data under lock and key is far more complicated than depicted here.
This dark and gloomy cloud is not without its silver lining. For one thing, a significant liability shift that occurred in October 2015 now makes retailers responsible for stolen card information, assuming they do not leverage EMV card readers. As a result, organizations that haven't already done so are expected to transition to an EMV-capable POS.
According to a recent Technavio report, the market for EMV POS terminals is forecast to see a compound annual growth rate of 11.5 percent through 2019. Interestingly, the report noted that much of this growth will be driven by increasing rates of adoption in the hospitality and retail industries, both of which have been hit hard in recent years and months.
"Chip-card technology is inherently more secure than magnetic stripes."
The reason the EMV rollout is so important, and the reason it's ultimately good news for retailers and customers alike, is that chip-card technology is inherently more secure than magnetic stripes. This is principally because each time the card is read, a single-use transaction code is generated. Therefore, retailers cannot capture this information, which means hackers are left with meaningless code should they manage to infiltrate the POS. Think of it as a sort of one-time password for credit card authentication.
Granted, EMV is not a silver-bullet solution, and it technically can't stop hackers from breaching the POS in the first place. Nevertheless, it significantly mitigates the damage of a data breach.
For any retailers, large or small, that are still looking for a new year's resolution, consider a transition to EMV POS terminals.
Mobile devices have been a godsend to just about every industry. When it comes to retail, smartphones can act as valuable multitasking tools. They can provide on-the-spot price checks, sift through a store inventory, and of course, be used to contact co-workers and take calls from customers. Most importantly, they can also act as a mobile POS. During high-volume shopping seasons, retailers can help customers checkout more quickly, assuming they're paying with a credit or debit card.
That said, the mobile POS is not without its risks. For one thing, it can be easily lost or misplaced. While EMV card readers help ensure that credit card data stays safe, they won't stop fraudsters from acquiring information from a lost smartphone such as email contact lists. In a hypothetical scenario, a hacker could launch a dangerous phishing attack against customers who are registered to receive emails from a certain business.
In this case, the solution is two-pronged: mobile device management paired with strong authentication. With the former, the process of keeping tabs on company mobile devices is streamlined thanks to the creation and management of distinct mobile identities. The latter, which may include two-factor authentication, the use of a one-time password or biometric-based authentication, makes it extremely difficult to get into a lost or stolen mobile device.
Retail cybersecurity is a tough nut to crack, especially as cybercriminals become savvier. But with EMV technology and a smart approach to device management and authentication, the POS will be an even tougher one to crack.