Retail in Asia

In Trends

Retailers under attack: Security lessons for all SMBs

Computer internet credit card security concept with padlock

Retailers have been among the hardest hit data breach victims in recent years despite their diligence in complying with the Payment Card Industry Data Security Standards (PCI DSS) and other measures for protecting electronic transactions.

The largest of these is Target, which had 40 million payment card numbers and personal information on an additional 70 million people stolen. This is followed by Home Depot, which lost 56 million card numbers and 53 million email addresses to cybercriminals. High-profile cases in the US also included retailers such as Walmart, CVS and Costco.

In the few months after it was breached, Target had spent US$61 million on customer response measures. Still, the company’s reputation took a beating with its profit for the holiday quarter plunging 46% from that of the previous year. Meanwhile, retailers like Staples offered free credit monitoring, identity theft insurance and credit report to customers of payment cards who might be at risk.

But those measures failed to dispel lingering concerns about the unknown extent of a breach and the chance of malware still lurking on the network. At Home Depot and Target, investigators had zoomed in on a supplier’s stolen network credentials as one cause of their breaches – a finding that would have shaken consumers’ confidence in retailers’ ability to keep data safe.

Clearly, retailers have to protect their entire supply chain network. And they have to salvage their reputation and regain lost consumer confidence. In Singapore, the country’s Personal Data Protection Commission recently fined four organizations and warned seven others, including retailers Challenger Technologies and Metro, for not exercising due care or implementing adequate security measures to protect consumers’ personal data.

(Source: Network Asia )