MBG Middle East

Retailers Are Always Attractive Targets for Hackers

April 27, 2020

Cybercrime is big business and retailers are attractive targets. Traditional retail metrics that focus IT attention on initiatives to maximize store performance over security have left retailers with gaps in defenses. Combine inadequate security with large repositories of customer data and retailers are ripe for attack.

1. Credit card information breaches

| Retailer | Damage | Means of Access |
| --- | --- | --- |
| Neiman Marcus | 350,000 payment cards exposed | Malware implanted through outside attack |
| Michaels Arts and Crafts | 2.6 million payment cards, 7% of all cards used at Michaels | Eight-month intrusion through PoS systems at some stores |
| Sally Beauty Supply | Company acknowledges 25,000+ payment cards exposed | Methods closely resemble those used in Target breach |
| P.F. Chang’s China Bistro | Customer data exposed at 33 restaurants | Targeted attack on PoS systems |

2. Possible penalties for non-compliance with the Payment Card Industry (PCI) standard

  • Credit card companies (VISA, MasterCard and many more) can impose a penalty of $5,000 to $100,000, based on the breach.
  • Breach consequences – Even companies in compliance with the PCI-DSS security standard can suffer data breaches. If your company has suffered a breach in which the card information of any bank card holder has been endangered, you can expect the following penalties:

    • a. Termination of the relationship between your company and its bank/payment processor;
    • b. Negative impact on your company’s reputation;
    • c. Lawsuits by the clients whose information has been violated;
    • d. Loss of trust due to the lack of security.

  • A lawsuit is a very possible outcome if the information of bank card holders has been endangered. In 2007, TJX had to pay $40.9 million for a data breach that exposed more than 100 million bank cards to risk.
  • Revenue loss – A strong repercussion on your brand’s reputation can drastically decrease your revenue through the loss of clients that follows a security breach. In 2013, the retail giant Target had to pay $18.5 million for a breach that affected more than 41 million consumers, leading to a $440 million loss of revenue in the first quarter alone after the breach.

3. Merchant applicability

All merchants that store, process or transmit cardholder data must be PCI compliant. Each merchant categorized as Level 1, Level 2, Level 3 or Level 4 is required to conduct a quarterly network vulnerability assessment and submit an annual self-assessment report directly to its acquiring bank.

MBG Corporate Services provides Legal, Risk, M&A, Tax, Strategy, Technology and Audit Assurance services. Within our Technology division we offer clients a pioneering, holistic and proactive approach to resolving their key business pain points and help them improve the security posture of their organization.

How can MBG help?

  1. Conduct a gap assessment against the PCI standard
  2. Identify and prioritize risks to the business
  3. Create policies and procedures to comply with PCI DSS
  4. Submit the Self-Assessment Questionnaire (SAQ) on behalf of the client
  5. Develop short- and long-term strategies to comply with the PCI standard

We also offer our clients the following services:

  • Information Security Audit
  • Data Privacy Framework & GDPR
  • ISO 27001 Implementation
  • SIA Compliance (formerly known as NESA)
  • Technology Audit (VAPT, Application Testing)
  • Information Security Training
  • PCI DSS Compliance
  • Digital Transformation Strategy
  • Online Cybersecurity Health Check

Madan Mohan

Designation: Associate Director

About Author:

Madan Mohan is a leader in the Technology Advisory Services of MBG Group. He is a Certified CISO, CISA, CISM, ISO27001 Lead Auditor, ISO 25999 Lead Auditor and DCPLA (Privacy Lead Auditor). He has over 16 years of experience in technology security, servicing large clients and managing Information Security, BCP, Privacy, Cyber Security, Risk Management & Compliance projects.

