Author: Randy Hofbauer / Source: ProgressiveGrocer
Ransomware, skimming just 2 security concerns to prepare for
With every year that passes, data breaches become a bigger and more frightening threat for retailers. In 2016, nearly 1,000 cases were reported, the highest number since The Identity Theft Resource Center, in San Diego, began keeping records in 2005.
And grocers are a hot place for data criminals. According to research from Chicago-based fraud protection firm Rippleshot, they make up the No. 1 channel for data breaches in terms of the percentage of compromised accounts.
Today, there are two common forms of breaches that all retailers face: at-rest-data breaches and malware-type breaches, according to Lynn Holland, VP of merchant solutions at ACI Worldwide, an electronic payment solutions provider based in Naples, Fla.
Those incidents concerning at-rest payment data involve settlement files that haven’t been sufficiently secured for storage and transmission to an acquirer. These aren’t too difficult to protect oneself from, Holland notes, as stronger Payment Card Industry Data Security Standard (PCI) controls, network security and encryption help secure the data center. And now tokenization can secure the settlement and back-office processes for merchants, replacing the clear card number with a secure token for all post-authorization processes that secures the consumer’s data while still allowing the merchant’s back-office processes to operate.
“As a token would imply, they have a number, but it’s not the number on the credit card,” says Josh Hartinger, manager, electronic payment technologies at Commerce, Calif.-based wholesaler Unified Grocers. “So if it gets stolen, it doesn’t have any value.”
More alarming and tricky is when self-replicating malware is introduced into the in-store environment, infecting servers in a location and sniffing out card data being passed from payment terminals and the POS platform to be sent for authorization.
“This breach targets the in-store IT environment, which is much harder to physically secure than a hardened central data center,” observes Holland.
The Malice of Malware
Arguably the most significant malware incident on a food retailer in recent memory is Minneapolis-based Target’s incident in 2013, when criminals broke into the retailer through its HVAC service provider, and then placed a self-replicating program that moved from store to store.
“This malware took up residence in the memory of all servers it infected and sniffed for payment-card data flowing through these servers,” Holland explains. “As clear card data was sent from a payment terminal to the POS payment application, it was recorded and sent back to the criminals’ network.”
Overall impact of the malware on Target was significant, as it went public before the holiday season. The breach exposed approximately 40 million debit and credit card accounts over less than one month.
But smaller retailers typically see most of the breaches, Hartinger says, and a lot of them lose so much business as a result, they have to close up shop altogether.
One solution, Holland offers, is to introduce point-to-point encryption technology to the payment process.
“This uses the same type of encryption technology and processes that have been in…
Click here to read more
The post The Growing Threat of Data Breaches in Grocery appeared first on Blog – Fraud Prevention for Ecommerce, Travel and Financial Enterprises | Fraud.net.
