When it comes to security, retailers have their hands full.
Not only do they have to protect their own companies from data breaches (think stolen passwords or ransomware), but they also have to protect their customers’ credit card data. A credit card breach isn’t just a major reputational hit; it can come with multi-million dollar financial repercussions as well.
With that in mind, it’s not surprising that the 2023 Verizon Data Breach Investigations Report focused heavily on the retail sector in its most recent assessment of incidents and breaches.
While we recommend reading the complete report for full context, here are a few highlights that retailers should consider:
Nearly half of incidents involving retailers resulted in confirmed data exposure.
94 percent of threat actors were external.
It was far less likely for a retailer to be breached by a hacker or someone else with no connection to the company.
100 percent of incidents were financially motivated.
In some other industries, such as public administration and finance, espionage or grudges were contributing factors. That was not the case this year in the retail sector.
More than 1 in 3 incidents (37 percent) directly targeted credit card data.
Credentials (usernames and passwords) and personal data were also targeted, but less frequently.
However, in a bit of encouraging news: credit card data has not been targeted as frequently in recent years, with targeting having peaked in 2018. This is likely the result of more companies achieving – and maintaining – PCI compliance.
When payment card breaches were successful, the most common threats were:
- Web applications
- Gas terminals
- POS servers
Ransomware and stolen credentials were the top reasons these incidents occurred. However, Magecart – a threat in which malicious actors embed code within an e-commerce checkout page – was another common cybersecurity threat that was unique to the retail industry.
Build a Stronger Payment Card Security Program
At Curbstone, we’ve been in the payments industry for more than 20 years; we’ve seen countless cybersecurity threats come and go. However, our focus on secure credit card processing has remained the same. We’ve helped retailers of all sizes process credit card payments without storing or transmitting the data on their own systems, which provides a higher level of security from emerging threats. At the same time, this helps take part – if not all – of their infrastructure out of scope for PCI audits, which considerably reduces the burden of reporting and compliance.
Ready to start building a stronger payment card security program? Check out all the ways our technologies can help you securely process payments online, in person, and even over the phone, or start a conversation with a member of our team.