New Security Worries at Retailers

As if all of the concerns at the nation’s biggest banks and credit card networks weren’t enough, consumers now have new worries, and they’re coming from their favorite retailers as hackers shift their focus.

The retail industry, as it turns out, has no shortage of weaknesses that thieves are targeting, and as a result, consumers are being left vulnerable. More specifically, the security shortcomings are creating ways for cyber thieves to grab credit card numbers when a consumer swipes a card.

Bringing Down Banks

These are the same crooks who have managed to bring down the commercial websites of the biggest names in the banking and financial industry. They’re the ones who’ve found a way around the Federal Reserve, the ones who easily slipped right into the email accounts of some of the most unlikely political and financial leaders, and the ones who have claimed millions in cash and assets that do not belong to them. They’ve pulled this off in a matter of months.

But, as always, it’s a matter of strategy. Now that this industry has taken a step towards even better security technology, cyber thieves are looking to the one area they’ve not yet compromised and one group they’re sure has become lax in security: the hospitality, retail, and food and beverage industries. Many believe their credit card swipes are safe when they’re paying for groceries this weekend, and no one believes it could happen to them in their favorite supermarket. As for those vulnerable retailers, their attention is turned elsewhere, focused on a host of other problems:

  • New tax laws
  • Obamacare
  • Credit card swipe laws
  • New employment laws

Needless to say, there are a lot of current events distracting their attention from the security of their customers’ financial information. And that’s just what the cyber thieves are hoping for. Critical cyber protection is most certainly not at the top of many retailers’ priorities, and hackers are taking advantage of that diverted attention and getting rich, too.


A recent slew of investigations, 450 to be exact, was conducted in several countries. Trustwave SpiderLabs reports that the data hackers preferred was cardholder data. Your Visa, MasterCard, American Express, gas cards and retailer cards are targets and, once stolen, are quickly sold into a thriving dark and illegal underground world. Data is being bought and sold in bundles, sometimes multiple times, and then used in a host of fraudulent transactions. In fact, a whopping 45% of the credit card data and other financial information that was stolen last year was stolen because of a retailer’s compromised network. That’s massive, and it’s also 15% higher than the reports from 2011. Worse, it’s expected to be even higher by the time the holidays roll around again.

New Technology

Remember, there are efforts being made right now that include new technology for credit card networks, new equipment and new safety mechanisms. Despite that, many merchants are doing everything they can to stay current with the new laws, including finding ways to stay in business in the face of new tax rates and healthcare laws. This is their priority, since there are significant repercussions for failing to fall into compliance. Consumer safety is crucial, but it’s just not the squeaky wheel getting the oil right now. Not only that, but some merchants report that no sooner do they put new safety measures in place than patches and upgrades are issued, making it difficult to ensure they have the latest security measures in place.

“With such a vast number of merchants accepting payment cards, and with so many available attack vectors, it is unlikely this market will change anytime soon,” Trustwave said in the report.


So who’s being targeted most often? The report says that between 2007 and 2012, it was the food and beverage as well as the retail industries that were the top two for the most hacks. Surprised? Many are and many assume it’s the banks that are most often targeted. Not only that, but the report also tells a tale of this trend continuing for the next several years.

“I see those two continuing to vie for the No. 1 target for years to come and don’t really see any decline on the horizon, unfortunately,” the report read.

It’s easy, amidst the seemingly daily news stories, to forget some of the massive security breaches in recent years in the retail sector. Remember the 80,000-consumer breach that spread over the course of three years before it was caught? That was so bad that many retailers insisted their names not be sullied in the reports, so no one is really sure how many retailers were targeted. A mere 20 people, all Romanian nationals, were responsible for this massive breach. Just twenty people. And they hacked more than 200 American businesses and their point-of-sale terminals.

Amazon and Zappos

And then there was the Amazon-owned company, Zappos, which announced last year that 24 million customers were affected by a cyber theft ring that stole names, addresses, credit card numbers and even the three-digit security codes on the back of those credit cards, despite efforts to “cryptographically scramble” the numbers. Right before the holiday season kicked off last year, it was Barnes and Noble in the crosshairs, as it was forced to announce that a number of its physical terminals had been tampered with.

And rest assured, it is the credit card information the thieves are after. That is according to Richard Stiennon, chief research analyst at IT-Harvest. The retailers are the ones who have this information, after all. These industries will continue to be targeted until security efforts pick up or another sector is left more vulnerable.

Cost of Doing Business

The worst part is most say it’s simply the cost of doing business, and unfortunately, these things happen in business. The Trustwave SpiderLabs report warns that until retailers get to a place where they can stay a step ahead of the game, it’s the consumers who are going to be left vulnerable.

“Computer security as a whole is simply not keeping up with the attackers,” the report reads. There have been improvements, but from the examples above, it’s clear the cyber thieves are so far winning. The tactics being used by these thieves are improving faster than security is able to neutralize the threats, leaving millions of credit cards at risk of fraud, and most of the risk is in the United States.

The National Retail Federation, which is the industry’s largest advocacy group that oversees thousands of retailers in the United States, has no comment on the growing threats. This begs the question: what are consumers to do?

Same Safety Precautions

Online, changing passwords and keeping virus scans up to date is always recommended, while in the real world consumers are encouraged to keep their eyes on their credit cards when handing them to a clerk in a traditional brick-and-mortar business. These are the same measures that have always been in place.

For retailers, surprisingly, the report says that “in every case…it’s usually missed administrative steps that lets these attackers in.”

So what are your thoughts? Have you had your credit cards stolen, either online or in person? Share your thoughts with us on the findings of this report.
