Christmas conjures up cosy images of twinkling lights, presents under the tree and time spent with family and friends enjoying the festive cheer. But for retailers, the holiday season is often a time of increased stress and worry, induced by the burden of increasing security. Whether it’s implementing measures in-store to prevent the physical theft of goods, or online and over the phone to prevent the use of fraudulent payment cards and keep sensitive customer data out of the hands of hackers, retailers have their work cut out for them in the time between Black Friday and Christmas.
With the holiday season right around the corner, retailers are gearing up for the two most lucrative months of the year. According to the National Retail Federation (NRF), retail sales are expected to increase a solid 3.8 to 4.2% to reach between $727.9 and $730.7 billion in November and December. Yet, despite the good cheer these sales numbers will bring, not everything is merry and bright, especially for the retail sector – ‘tis the season for retail fraud.
According to the 2018 Fraud Attack Index from Forter, overall payment fraud increased by 13 percent from 2017 to 2018. In the same vein, ACI Worldwide reported another 13 percent increase in fraud attempts in the ‘buy online pickup in-store’ (BOPIS) channel from 2017 to 2018, a key form of card-not-present (CNP) commerce. The report goes on to note that these fraudulent attempts peaked at a whopping 20 percent right before Christmas. Considering the hundreds of millions of merchant transactions that occur during the holiday shopping season alone, it’s safe to say that potentially millions of cardholders and merchants alike would have been affected.
This year online sales are predicted to increase 15 percent, meaning CNP fraud, too, will see an upsurge. But those numbers may grow even steeper in the U.S., as more brick-and-mortar stores (including the popular BJ’s Wholesale Club, Lowe’s and Barnes & Noble) announce that they will close on Thanksgiving Day, which is traditionally one of the busiest shopping days of the year. As a result, consumers may turn to alternative channels that require CNP payments to catch the latest and greatest deals.
To make matters worse, Verizon’s 2019 Payment Security Report uncovers some startling truths. Only 1 in 5 organisations in the Americas maintains full compliance with the Payment Card Industry Data Security Standard (PCI DSS). Additionally, the percentage of organisations achieving and maintaining compliance worldwide dropped from 52.5% in 2017 to 36.7% in 2018. The importance of implementing the proper security controls mandated by PCI DSS to prevent data breaches cannot be overstated. As Rodolphe Simonetti, Global Managing Director for Security Consulting at Verizon, puts it in the report, “Our data shows that we have never investigated a payment card security data breach for a PCI DSS compliant organisation. Compliance works!”
Data Breaches on the Rise
Already in 2019, the retail industry alone succumbed to 199 data breaches, so the pressure is on to secure sensitive customer information and deter fraud of all types. In Jumio’s announcement of a noticeable increase of ID fraud during Black Friday, their Chief Product Officer, Philipp Pointner, stated that “2018 witnessed the largest increase in attempted ID fraud in five years and this highlights why organisations need to use more sophisticated digital identity verification solutions to take that extra precaution…especially during the holidays.”
The sheer volume of information being generated by each individual purchase is immense. And with more data comes the need for increased security, and this responsibility falls upon everyone within an organisation. But where to begin?
Actionable Steps for Preventing Fraud During the Holidays
No one wants to be held responsible for the latest data breach, so it’s understandable that many IT staff feel the pressure when it comes to protecting customer details, especially when you consider the enormous reputational and financial damage a data breach can inflict on a company. And though it is easy for many to blame the IT department, a majority of the causes are beyond their control. In fact, despite the IT department being able to implement industry-leading email security solutions, the 2018 Verizon Data Breach Investigations Report cited user error as being the main cause for 17% of breaches last year.
This blame is undoubtedly misplaced when placed solely on the IT department; it’s up to senior management to alleviate some pressure for the IT staff and make it the responsibility of each and every team member, along with the business itself, to ensure data is kept safe and secure.
Considering that more and more people are avoiding the brick-and-mortar stores and buying gifts either over the phone or online, it’s best to begin the fight against fraud by starting with the contact center – often deemed the most vulnerable channel. Contact center risk is especially high during the holidays, as major retailers bring on thousands of temporary, seasonal and outsourced employees. For instance, Target plans to hire an astounding 130,000 seasonal workers, with 8,000 just for their distribution/fulfillment centers.
To help safeguard your contact center and make sure your security practices can withstand even the busiest of holiday rushes, we’ve compiled a few tips that are simple to implement, and can make all the difference:
1. Educate staff to be wary of suspicious or unusual emails.
Keeping staff informed is vital. A security-savvy team member is far less likely to click on a suspicious link in an email. Make sure they understand the current IT security threats facing the business and all the ways cybercriminals may attempt to hack into internal IT systems.
2. Use a password vault to store all your passwords.
This means no two website logins have to share the same password. What’s more, you can create long, complex passwords that you never have to remember again!
3. Review your data security standards.
The first step to being secure is knowing where your risks lie. From a payments standpoint, complying with the PCI DSS will provide comprehensive protection from payment fraud and will go a long way in helping to prevent a data breach from occurring. Beyond that, the UK government has a designated website – that details the bare minimum security standard. The site’s simple survey takes only a few minutes to complete and will provide a review of cyber risk and how you can protect yourself.
4. Keep your software up to date.
This might seem like an obvious one, but you would be surprised by how many people put themselves at risk simply by neglecting to update to the latest version of security software. All it takes is 10 minutes to download and install the newest patch, and it can save everyone a lot of time, effort and pain down the line.
5. Keep sensitive data outside of your contact center.
As we like to say, they can’t hack what you don’t hold! The best protection is to keep sensitive payment data from ever entering your business infrastructure in the first place. Semafone’s Cardprotect suite of secure, PCI DSS compliant payment solutions does just that, while enabling a more seamless customer experience for all of your holiday shoppers, regardless of the CNP channel they’re using.
Follow these simple points to make sure that you and all your staff have a happy (& secure!) holiday season.