With the holiday season in full force, it’s easy for retailers to get distracted by end-of-year goals that are only a few weeks away. But with 2014 being referred to as the “year of the data breach” by 60 Minutes correspondent Bill Whitaker, it’s more important than ever for merchants to keep credit card processing security top of mind. According to a new study, the retail industry remains under attack from hackers, and the security effectiveness of retailers continues to decline.
Retail breaches originate from third-party vendors
BitSight Technologies, the standard in Security Ratings, released its findings from a new study analyzing the security performance of 300 major U.S. retailers from Nov. 1, 2013 to Nov. 1, 2014, and the results were astonishing. Securing the supply chain remains one of the largest challenges for merchants, as nearly a third of all breaches began with a compromise at a third-party vendor.
Malware threat increases merchant responsibility
Another key finding with a large impact on merchants is the increase in infections across almost all threat vectors, highlighting the merchant’s responsibility to ensure they are using secure third-party vendors for POS applications, gateways, middleware, etc.
In the span of a year, the retail industry on average suffered from an increase in infections in every individual threat indicator monitored by BitSight, with the exception of spam propagation:
- Malware Servers: +200 percent
- Botnet Infections: +29 percent
- Potentially Exploited Hosts: +78 percent
- Unsolicited Communication: +43 percent
- Spam Propagation: -21 percent

Some prevalent malware strains detected across the industry include Maazben, ZeroAccess, Zeus, Viknok, Conficker and Cutwail.
Despite the drastic increase in infections, 75 percent of retailers that experienced a data breach in the last year have improved their security effectiveness since the point of their breach, while a third of the breached retailers still link back to compromised third-party vendors.
Merchants can still improve payment security this holiday season
Merchants shouldn’t wait until there is a breach to beef up their security this holiday season. There are precautions that can be taken preemptively to ensure the safety and security of valuable client data and information. For starters, making sure to employ an accredited credit card processor with Point-to-Point Encryption (P2PE) or Tokenization can be your best line of defense against hackers.