Despite Security Concerns, 49% Of Retailers Lack End-To-End Encryption Protections

Although data security measures should be a major priority in the wake of the numerous large-scale data breaches that have occurred at retailers including Target, The Home Depot and Michaels, many retailers still haven’t taken every effort possible to beef up their payment systems' protections.

Only half (49%) of retailers have implemented end-to-end encryption (E2EE) into their payment security plan, while 35% have implemented tokenization of payment data, according to a report from Boston Retail Partners.


Heartland, Smart Card Alliance Team Up To Improve Data Security

1heartlandsmartcardPayment processor Heartland Payment Systems is working with the Smart Card Alliance, a non-profit, multi-industry association that works to streamline smart card technology, to launch the National Center for Advanced Payments and Identity Security. The center is designed to help protect consumer privacy and accelerate the data security of payments and identity, by offering education on industry best practices and advances in security technology.


Modell's Sporting Goods Adds Protective Gear Against Cyberthreats

Modell's Sporting Goods is strapping on protective tech gear to keep its IT and data systems as safe as possible. The 150-store family-owned retailer is working to combat creative, fast-moving hackers and cybercriminals.

"The current threat landscape is ever changing," said Vincent Damiano, VP of Information Security and Compliance at Modell's in an interview with Retail TouchPoints. "We are seeing more sophisticated attacks and traditional solutions are not able to keep up."


New HP POS Integrates Intel Data Security Technologies

HP RP9 Retail System frontA new point-of-sale system from HP is the company's first to include key integrated peripherals enabled with Intel Data Protection Technology for Transactions (DPT for Transactions) technology. The HP RP9 Retail System, which was introduced at the NRF 2016 Big Show, provides end-to-end protection of both payment and non-payment customer data. This creates a secure transaction path that routes data directly from the point of entry to a bank's servers, encrypting sensitive information throughout the process.

"We know the safety of personal data has become a growing concern for retail customers in recent years," said Joe Jensen, VP of Intel's Retail Solutions Division in a statement. "Our Data Protection Technology implemented on the new HP RP9 retail system helps assure customers their data is safe from the moment they make a purchase and provides peace of mind for retailers who are ultimately responsible for customer information."


Speech Recognition Security Tool Redacts Payment Card Numbers In Real Time

When we think about data breaches, the mental image is of a literally silent crime: hackers surreptitiously extracting payment card or personal data from online purchases, or someone sneaking away from a store's point-of-sale with a device that has recorded the data from that day's card transactions.

It's easy to forget that many transactions are still conducted by voice — over the telephone with call center agents. In some retail verticals, as many as 20% to 30% of calls contain sensitive financial information, according to mobile advertising analytics firm Marchex. Safeguarding the sensitive information exchanged during these purchases involves deleting or masking the payment card numbers that are shared by customers.


Breach Exposes Details Of 3.3 Million Hello Kitty Users, But No Data Is Stolen

More than three million accounts associated with the Hello Kitty brand on, and were left vulnerable to data theft, according to a report from CSO Online. Sanrio, the retailer and designer that owns the Hello Kitty brand, said it has since secured the servers.

Online security researcher Chris Vickery uncovered the database vulnerability on Dec. 19, contacting CSO Salted Hash and The leaked information included users' first and last names, birthdays, genders, countries of origin, email addresses, password hashes, password hint questions and answers and other data, according to Vickery.

In a statement, Sanrio Digital said, “At this time we have no indication that any personal information was stolen.” Credit card and additional payments information was not included in the leaked data, and user passwords were encrypted.

In addition to the primary SanrioTown database, two additional backup servers containing mirrored data also were discovered. The earliest logged exposure of this data is November 22, 2015.

Vickery, who explores security vulnerabilities in his spare time and reports them to the affected companies, said the hole in the Hello Kitty site was the result of a database misconfiguration, leaving it open to public access without a password or authentication, according to Reuters.

This is the second time Sanrio has had to deal with a database leaking information. Earlier in 2015, the company investigated a database leak that exposed information on more than 6,000 shareholders.

The incident comes on the heels of the data breach of another Hong Kong-based children’s product brand, VTech. That hack exposed personal data, chat logs and photos of as many as 6.3 million people, including 200,000 children. This month, UK police arrested a 21-year-old man in connection with the VTech breach.


Children’s Photos, Chat Logs Snagged From VTech Site

The personal data of up to five million parents and more than 200,000 children was lifted from the servers of digital learning toy manufacturer VTech.

Information was swiped from the Learning Lodge app store database. Learning Lodge is a site that allows consumers to download apps, learning games, E-books and other content to their VTech toys.


Technology Is Important, But Trust Is Essential

2TrustWe talk a lot about omnichannel retail and giving today's shoppers every option when it comes to product ordering and delivery. But what is really at the heart of retail success is establishing a trusting relationship with customers. It sounds simple, but it's not.

This week I attended the Money20/20 conference in Las Vegas, where there were a lot of discussions and questions around data security and payment innovation. Are retailers implementing EMV? How can we make mobile payment work at the drive-thru? What are the steps to speeding the checkout process, both online and in the store? These are all great questions and need to be addressed, but when it comes right down to it, they all lead to Trust.


America’s Thrift Stores Reports Data Security Breach

AmericasThriftAmerica’s Thrift Stores, an organization that operates donations-based thrift stores in the Southeastern U.S., revealed in an official statement that it has been the victim of a malware-driven data security breach. The breach targeted software used by a third-party service provider.

The statement, from Kenneth Sobaski, CEO of America’s Thrift Stores, indicated the breach enabled criminals from Eastern Europe to access some payment card numbers.


In Largest Ever Tech Deal, Dell Buys EMC For $67 Billion

MichaelDellAt a time when other technology companies such as HP and eBay are making themselves smaller by spinning off divisions, Dell and EMC are combining to create a technology giant that will have estimated annual revenues of more than $80 billion. The company will sell a wide variety of both consumer and IT products including PCs, mobile technology, servers and data storage technology and virtualization software.

The $67 billion transaction, being called the largest technology deal of all time, will result in a combined company that is privately held, as Dell currently is. However, the virtualization software manufacturer VMware, in which EMC has an 81% stake, will remain as an independent publicly traded company. EMC shareholders will receive $24.05 per share in cash in addition to tracking stock linked to a portion of EMC's interest in the VMware business.

Subscribe to this RSS feed