2. Retailers Need to Educate Customers
Retailers should frequently communicate to customers that security measures are in place and that securing their data is a high priority. Retailers can do this by: a) offering optional higher-security checkout lanes where employees spend a few extra minutes validating the identity of the customer to reduce fraudulent activity; b) posting placards and posters that make consumers aware of the risks they incur when using certain payment methods; and c) offering prepayment options, so no actual credit card transactions occur at the point-of-sale (POS) terminal.
3. Preparation Needed to Prevent Panic
Retailers need to change their mindset and practice methods of early detection and mitigation. The retail industry should face the fact that breaches are not going to stop occurring. Anticipate that you will be hacked. Zappos is an example of how a retail breach can be a nonevent. Zappos built its systems expecting to be hacked, so when information was compromised, credit card numbers and usernames and passwords were protected and no customers were affected. This mindset and approach saved Zappos from becoming another victim of a massive retail breach.
4. Determine Your Own Best Practices
5. Larger Retailers Should Help Define Security Standards
Market-leading retailers must get into the driver’s seat to help define and communicate security standards that raise the tide for all retailers. This also will work to illustrate what smaller companies don’t need to do that large companies must. For example, the big-scale technology deployed to maintain Walmart’s security posture may not be the best approach for a small retail chain.
6. Provide Specific Risk Training
Specific risk training should be made available to security teams at retailers and should focus on detection and monitoring of security threats in addition to preventive-type training. When prevention fails, it does so on a massive scale, leaving potential attackers an open environment to take advantage of.
7. Don’t Let a Corporate Network Become a House of Horrors
The reality today is that organizations are under a constant barrage of attacks from persistent and diligent hackers, requiring a military-type focus to prevent attacks from going undetected. This steadfast approach and disciplined strategy comprises planning, hours of preventative training and a tactical military-style approach to combating the bad guys.
8. Take a Long, Hard Look at Your Old Systems
Retailers must transition from using weak systems that leave them unprotected and open to attack; these include Microsoft Windows XP as well as POS terminals that are rife with issues. It is negligent to allow these technologies to continue to run in a retail organization when a slew of safer solutions are available at a low cost.
9. Don’t Be Self-Serving
10. Retailers Should Take a Tip From Banks
11. Use a Phased Approach
Rather than completely overhauling and immediately implementing new POS terminals inside every retailer (which can seem like a daunting process), deploy one or two per store to start and advertise to customers that alternative options are available. Then continue replacing POS terminals at a steady pace. This increases security posture for the retailers, reduces risk and ensures that customers are secure.