Retailers Are Always Attractive Targets for Hackers
April 27, 2020
Cybercrime is big business, and retailers are attractive targets. Traditional retail metrics that focus IT attention on initiatives to maximize store performance over security have left retailers with gaps in their defenses. Combine inadequate security with large repositories of customer data, and retailers are ripe for attack.
1. Credit card information breaches
- Retailer not named in the source: 350,000 payment cards exposed; malware implanted through an outside attack.
- Michaels Arts and Crafts: 2.6 million payment cards exposed (7% of all cards used at Michaels); eight-month intrusion through PoS systems at some stores.
- Sally Beauty Supply: company acknowledges 25,000+ payment cards exposed; methods closely resemble those used in the Target breach.
- P.F. Chang’s China Bistro: customer data exposed at 33 restaurants; targeted attack on PoS systems.
2. Possible penalties for non-compliance with the Payment Card Industry (PCI) standard
- Credit card companies (VISA, MasterCard and many more) can impose a penalty of $5,000 to $100,000, depending on the breach.
- Infringement Consequences – Even companies in compliance with the PCI-DSS security standard can suffer data breaches. If your company has suffered a breach in which the card information of any bank card holder has been endangered, you can expect the following consequences:
- a. Termination of the relationship between your company and its bank/payment processor;
- b. Negative impact over your company’s reputation;
- c. Lawsuit by the clients whose information has been violated;
- d. Loss of trust due to the lack of security.
- A lawsuit is a very possible outcome if the information of many bank card holders has been endangered. In 2007, TJX had to pay $40.9 million for a data breach that exposed more than 100 million bank cards to risk.
- Revenue Loss – A strong repercussion on your brand’s reputation can drastically decrease your revenue, as clients leave following a security breach. In 2013, the retail giant Target had to pay $18.5 million for an infringement that affected more than 41 million consumers, leading to a $440-million loss of revenue in the first quarter after the breach alone.
3. Merchant applicability
All merchants that store, process or transmit cardholder data must be PCI compliant. Each merchant categorized as a Level 1, Level 2, Level 3 or Level 4 merchant is required to conduct a quarterly network vulnerability assessment and submit an annual self-assessment report directly to its acquiring bank.
MBG Corporate Services provides Legal, Risk, M&A, Tax, Strategy, Technology and Audit Assurance services. Within our Technology division we offer clients a pioneering, holistic and proactive approach to resolving their key business pain points and help them improve the security posture of their organization.
How can MBG help?
1. Conduct a gap assessment against the PCI standard
2. Identify and prioritise risks to the business
3. Create policies and procedures to comply with PCI DSS
4. Submit the Self-Assessment Questionnaire (SAQ) on behalf of the client
5. Develop short- and long-term strategies to comply with the PCI standard
We also serve our clients with the services listed below:
- Information Security Audit
- Data Privacy Framework & GDPR
- ISO 27001 Implementation
- SIA Compliance (formerly known as NESA)
- Technology Audit (VAPT, Application Testing)
- Information Security Training
- PCI DSS Compliance
- Digital Transformation Strategy
- Online Cybersecurity Health Check
About the Author:
Madan Mohan leads the Technology Advisory Services of MBG Group. He is a Certified CISO, CISA, CISM, ISO 27001 Lead Auditor, ISO 25999 Lead Auditor and DCPLA (Privacy Lead Auditor). He has over 16 years of experience in technology security, serving large clients and managing information security, BCP, privacy, cyber security, risk management and compliance projects.
Designation: Associate Director