When it comes to cybersecurity, retailers are attractive targets. This is because they hold large amounts of customer and financial data; they are highly dependent on their retail technology; and security investment has traditionally been low compared to other sectors. Retail POS security is at the frontline of protecting data, reputation and customer trust.
The importance of security in retail POS systems
Retail POS systems hold a lot of sensitive customer data – name and address, date of birth, payment details. If that data can identify an individual, it is called Private Personal Information (PPI), which is highly valuable to a cyber criminal and must be protected; in many countries, protecting it is a legal compliance requirement for retail POS systems.
Protecting data and systems is also important for a retailer’s reputation and building customer trust in retail security. A retail data breach can turn customers away – 59% of shoppers would avoid buying from a retailer who had had a cyberattack in the last year.
Without their retail POS systems and the data they hold, most retailers simply wouldn’t be able to operate. Losing access affects taking contactless payments, keeping inventory and managing pricing – in short, the essentials of running a retail business.
What are the threats?
These threats, if realised, could cost retailers time, money and their hard-earned reputation and potentially even their business. So what are the steps that retailers can take to strengthen the security of their POS, minimise the risk and protect their business?
1. Secure controlled access and authentication in retail POS systems
Ensure that your retail POS system has a strong security focus to stop unauthorised access. Consider a system that uses a login credential, such as a magnetic swipe card, or a fingerprint, and look at managing password resets or limiting access to the management console.
2. Retail POS security that is straightforward to manage
Security will be more effective at enforcing safeguards if it is simple to manage. For example, look for a retail POS system that allows you to configure your security in line with GDPR and other legislative requirements.
You will need to be able to set up ‘roles’ – a set of authorisations based on the functions that a group of people carry out. You might have a cashier role, a returns role and a manager role. That way, when a new person joins, you can quickly and easily assign them to a role, rather than having to allocate all their authorisations from scratch, risking exposure. Check that you can set up multiple-level authorisations for certain tasks, requiring more than one person to approve an action, giving you a good check and balance against user error.
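One way the role and multi-person approval model described above could be expressed, as an added example (not code from any POS product). The role names follow the text; the permission names, approval counts and staff IDs are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed role table: each role is a set of authorisations.
ROLES = {
    "cashier": {"sale"},
    "returns": {"sale", "refund"},
    "manager": {"sale", "refund", "price_override", "approve"},
}

# Constructed policy: how many distinct approvers, other than the
# person requesting the action, must sign off on a sensitive task.
APPROVALS_REQUIRED = {"refund": 1, "price_override": 2}


@dataclass(frozen=True)
class Staff:
    user_id: str
    role: str


def can(staff, permission):
    """True if the staff member's role grants the permission.
    An unknown role grants nothing (deny by default)."""
    return permission in ROLES.get(staff.role, set())


def authorise(action, requester, approvers=()):
    """Return (allowed, reason) for an action requested at the POS."""
    if not can(requester, action):
        return False, f"role '{requester.role}' lacks '{action}'"
    # Count distinct approvers who hold 'approve' and are not the
    # requester, so nobody can sign off on their own action and a
    # repeated approver is counted once.
    valid = {a.user_id for a in approvers
             if can(a, "approve") and a.user_id != requester.user_id}
    needed = APPROVALS_REQUIRED.get(action, 0)
    if len(valid) < needed:
        return False, f"'{action}' needs {needed} approver(s), got {len(valid)}"
    return True, "ok"


if __name__ == "__main__":
    alice = Staff("alice", "returns")      # constructed sample staff
    morgan = Staff("morgan", "manager")
    print(authorise("refund", alice))              # denied: no approver
    print(authorise("refund", alice, [morgan]))    # allowed
```

A new joiner is given a role rather than individual permissions, and every denial carries a reason that can be written to the security report.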
3. Visibility
Information is protection – make sure your POS can give you detailed reports about security and attempted retail data breaches, helping you to spot problems before they happen.
4. Cloud for greater security and ease of management
Cloud POS providers have invested in robust cyber security to keep data and systems secure. By using a software-as-a-service POS, retailers can be sure that retail POS software updates are always applied and up to date, and they have the highest levels of protection against retail data breaches.
5. Employee training for retail security
Retailers can reduce the risk of inadvertent human error by training staff in the importance of security in retail POS systems, company policies and the security tools the organisation uses.
With the right approach and retail POS security, retailers can ensure compliance for retail POS systems, defend against retail data breaches, protect their reputation and build customer trust in retail security.
Is security a genuine threat in retail?
Yes, the data that retailers hold about customers is very attractive to cyber criminals. If they can get hold of information that identifies a particular individual, they can use it as the basis for identity theft – either buying goods in the person’s name, applying for credit, or even applying for identification documents. Because of the sensitive nature of the information, there is a legal requirement in many countries to protect it.
What are the legislative requirements?
The legislation varies from country to country. Across Europe, personal information is protected by the General Data Protection Regulation, or GDPR. This is applicable to any organisation that serves customers in European countries. In the US, legislation is structured by industry, with retailers being covered by the Gramm-Leach-Bliley Act (GLBA) and the Federal Trade Commission (FTC)’s Data Privacy Guidelines. Although the latter are self-regulatory, the FTC can ‘take actions against companies that fail to abide by self-regulatory programs’. In Australia, the relevant legislation is the Privacy Act 1988. The Australian Government’s Australian Cyber Security Centre (ACSC) has published the ‘Essential Eight’ guidelines on security, based on practical experience and international intelligence.