Donna Marks, CEO, Windfall Inc.

Retailers can be easy targets for identity thieves, particularly given consumers’ regular use of credit cards to make purchases. While we’ve heard less about major retail breaches in the past year, merchants will continue to be at risk for fraudulent activity because credit card information will always be valuable. Even as the new chip cards are becoming standard, cards with magnetic strips will still be usable for some time, and stolen card numbers will continue to be in high demand for online purchases.
Advertisement
Adding to that, with stores increasingly expanding their online commerce, additional valuable consumer information is being collected and stored, including personal data and login details. Often consumers use the same passwords for several online accounts – so that information may be even more valuable to hackers than their card numbers.
Following are four ways retailers continue to be vulnerable to fraudulent activity, as well as steps you can take to reduce your risk of experiencing a data breach:
Running Outdated Technology
Keeping your computers up-to-date can be time-consuming and expensive, particularly if you have a smaller retail operation with minimal – or no – IT staff. But neglecting to implement the necessary software and firmware updates can potentially bring your operations to a standstill. Most updates focus on patching security vulnerabilities. Skipping an update for even your least-used machines can put your entire network in jeopardy. Make sure to check your devices several times a year, and call a networking specialist if you detect anything suspicious.
If you operate an online store, outdated applications on your server can leave an opening for hackers to access your customer files or payment data, so it is critical to update your server applications regularly. If you don’t have the resources to actively maintain your server, many web hosts offer managed plans that will apply updates and software patches for you.
Allowing Employees Too Much Access
Giving your employees too much access can position your company for an increased risk of both intentional and unintentional data breaches. Ensure staff only has access to files and customer data that they need to do their jobs. Any more than that, and they may be tempted to look at information they aren’t supposed to.
This is particularly important in retail, where it’s common to hire part-time and temporary employees. These employees are often less committed to their company’s success and receive less training, so it makes sense to establish and maintain limitations.
Storing Customer Data In One Place
Most retail stores maintain a variety of information about their customers – credit card data, contact information, username and passwords, and possibly even a browsing history. While it’s convenient to keep all of this in one location so you can easily access a complete profile on individual customers, doing so could significantly increase your risk potential in the event of a breach. Instead, maintain separate systems for your payment information, login credentials, and any other secure or private information you may be storing about your customers.
Managing Paper Documents
Do your customers fill out paper applications? Do you collect credit card information on paper and then enter the details into your payment system later? Do you maintain physical records of any customer information or financial data? If you answer yes to any of these questions, your business needs a retention and disposal policy for paper documents.
Each time you write or print a customer’s information on paper, you increase your risk of old-fashioned identity theft. Check with your legal team to see if there are any requirements for storing the physical files and, if so, find a secure location do so. Once you no longer need the paper copies, shred them. Whatever you do, don’t toss them in the trash. Dumpster diving may not be as glamorous as hacking, but it takes a lot less skill.
Customer trust and loyalty is hard won – and can be lost in a matter of minutes when personal information is compromised. Unfortunately, identity thieves are everywhere. Recognizing if your operation has any of the aforementioned risks – and implementing the suggested recommendations if so – will help to reduce your chances of experiencing a data breach.
Donna Marks established Windfall in 1996, combining her expertise in professional purchasing with her exceptional negotiating talents to create an industry-leading group purchasing organization that offers members discounts to help them grow their businesses and associations. By providing members with the savings advantages of leveraged buying power, at no cost to join, the company grew quickly, serving more than 200,000 business and association members nationally.