14 LOSSPREVENTION&SECURITY
RETAIL IT THREAT LANDSCAPE WORSENS
As we fi nalise this annual examination of retail’s loss prevention and security technology landscape, an unprecedented number of email data security breaches have come to light
psilon Data Management, a large email marketing services company, disclosed 1 April that attackers had stolen customer data belonging to several of its clients. While the extent of this breach is still under investigation, the initial list of affected companies has steadily grown to include several global companies, such as major hospitality fi rms Marriott and Hilton, and big retailers such as Best Buy, TripAdvisor, Mothercare, and Marks & Spencer among others.
E Although the email data stolen did not
contain any personal identifying information, it could be used to direct spam and phishing attacks. A major global data breach such as this, which was also preceded by a similar breach affecting the email service providers of
Play.com and The Co-operative Group, as well as a security breach at
Lush.com, throws the spotlight fi rmly on improving the levels of security included in retail IT third- party services. In addition, recent research from the
Ponemon Institute found that, last year, the cost of a data breach rose to £133 per record, and that negligence was the cause of 41% of breaches. Marc Lee, sales director at Courion, the access assurance company, said data breaches can create catastrophic bad press and can have a painful impact on the bottom line.
“Coupled with the new powers of the
Information Commissioner’s Offi ce to fi ne companies in the UK upwards of £500,000 for each instance of a data protection failing, the fi nal overall cost of a breach or loss could very quickly dwarf the £4.5 million average cost per incident revealed by the Ponemon research. Organisations need to better understand where their greatest sources of risk reside as well as who is accessing sensitive data, how and why. It is the organisation’s responsibility to track activity and make sure that access to the most sensitive data is only granted to those for whom it is necessary to do their jobs,” he warned.
RETAIL TECHNOLOGY MARCH/APRIL 2011
Adding to the already complex and
threat-fi lled security landscape for retailers online, CyberSource recently released its seventh annual UK Online Fraud Research CyberSource on the impact of online fraud for digital goods merchants. The report found the fact that nearly three quarters ranked online fraud as their greatest business threat. A further 40% of digital goods merchants had stopped accepting orders from outside the UK due to fraud risk, and many were embracing sophisticated anti- fraud tools such as internet protocol (IP) geolocation more rapidly than other sectors – 36% of digital merchants used this tool compared to 10% of physical goods retailers. But in these straitened times,
multichannel retailers have much more than their digital boundaries to protect more effectively, as our look at fi ndings of the independent Retail Fraud survey demonstrate (page 15). Key fi ndings include low levels of investment in fraud management systems, a disconnect between store and online shrink, increased trends in return goods fraud and poor contactless payment adoption rates due to perceived deployment costs.
Stanley Skoglund, Visa payment system
security senior vice president, told Retail Technology: “Face-to-face fraud in the UK retail environment was down 6% in the last year. Much of this reduction is due to the success of the UK’s full transition to chip and PIN fi ve years ago. Visa Europe is looking to encourage retailers across Europe, who have not equipped themselves for EMV chip acceptance or who still process a signifi cant percentage of transactions using magnetic stripe with an incentive to update their systems.” He said the new Visa Technology Innovation Programme would help face-to- face merchants meet their Payment Card Industry Data Security Standard compliance requirements and reduce their overall security costs. “Only by working with retailers on all areas of acceptance and card data storage can we hope to prevent fraudsters who are always looking for weaknesses. For this reason Visa Europe has also issued best practice guidelines on Data Field Encryption and tokenisation to help retailers understand potential risks and develop their systems accordingly,” added Skoglund.
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40