Support 100 years of independent journalism.

Advertorial feature by SysGroup
  1. Spotlight
18 October 2018updated 09 Sep 2021 5:23pm

Retail security means retail sales

Cyber security in retail is no longer simply about protecting customer data, it’s about building trust and growing sales.

By Adam Binks

It used to be the case that, when organisations were hacked or their data was stolen by some other means, we could direct the blame at the perpetrators. In the brave new digital world, these rogues and ne’er-do-wells weren’t playing fair and were ruining it for everyone else.

Let’s be very clear: today, that is not the case. In the eyes of the public, if you get hacked, it’s your fault too. Cyber security is no longer simply about protecting your systems – it’s about protecting your reputation. Like it or not, cyber security is now part of the communications mix.

To understand how this has come to be, you need only consider the maxim: “Fool me once, shame on you; fool me twice, shame on me.” In short, public perception is that organisations should be wise to cyber security threats by now. This is borne out by research from this time last year by PwC, no less, suggesting that only 12 per cent of consumers trust companies with their data more than they did a year prior.

The fact of the matter is that data breaches do happen – and can happen even if you’ve taken every reasonable precaution. For organisations storing limited, unsensitive information, the impact can be relatively minor and relatively easy to rectify. For retailers, typically storing and processing personal and sensitive information, it can be very serious.

Take consumer electronics firm Dixons Carphone, parent company of brands including Currys PC World and Carphone Warehouse. Earlier this year, it revealed that hackers had stolen data belonging to 10m customers in a 2017 attack. That’s nine million more that it initially thought and puts the incident among the worst know retail breaches ever. Shares slumped, customers lost trust and it continues to be investigated by authorities.

Select and enter your email address Quick and essential guide to domestic and global politics from the New Statesman's politics team. A weekly newsletter helping you fit together the pieces of the global economic slowdown. The New Statesman’s global affairs newsletter, every Monday and Friday. The New Statesman’s weekly environment email on the politics, business and culture of the climate and nature crises - in your inbox every Thursday. Our weekly culture newsletter – from books and art to pop culture and memes – sent every Friday. A weekly round-up of some of the best articles featured in the most recent issue of the New Statesman, sent each Saturday. A newsletter showcasing the finest writing from the ideas section and the NS archive, covering political ideas, philosophy, criticism and intellectual history - sent every Wednesday. Sign up to receive information regarding NS events, subscription offers & product updates.
  • Administration / Office
  • Arts and Culture
  • Board Member
  • Business / Corporate Services
  • Client / Customer Services
  • Communications
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Facility / Grounds Management and Maintenance
  • Finance Management
  • Health - Medical and Nursing Management
  • HR, Training and Organisational Development
  • Information and Communications Technology
  • Information Services, Statistics, Records, Archives
  • Infrastructure Management - Transport, Utilities
  • Legal Officers and Practitioners
  • Librarians and Library Management
  • Management
  • Marketing
  • OH&S, Risk Management
  • Operations Management
  • Planning, Policy, Strategy
  • Printing, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, Assets and Fleet Management
  • Public Relations and Media
  • Purchasing and Procurement
  • Quality Management
  • Science and Technical Research and Development
  • Security and Law Enforcement
  • Service Delivery
  • Sport and Recreation
  • Travel, Accommodation, Tourism
  • Wellbeing, Community / Social Services
Visit our privacy Policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.

You may not be able to fully protect yourself from cyber security threats, but you can minimise the risk of them happening, limit damage if they do happen and increase both sales and annual revenue by being prepared and demonstrating that you are.

POS intrusions

Point of sale (POS) intrusions, be they online or at physical payment card terminals, are typically carried out via malware installed to capture payment information. Keeping security systems up-to-date is, needless to say, critical in protecting against such attacks, but segmenting them too – so that stored information and payment processes are distributed – helps to mitigate risk and limit potential damage.

Security can also be strengthened by using multifactor authentication that ensures you can’t pay with only your card but that you need something like a mobile app or hardware token as well.

Payment card skimming

If POS intrusions have hackers sneaking in through the back door to access customer data, card skimming cuts gives them a key for the front door. It typically uses devices fitted to payment terminals, such as an ATMs, self-service checkouts or petrol pumps, that read magnetic stripe data from a payment card.

Part of the solution here is training employees to recognise if tampering has occurred, but tamper-proof terminals that make it difficult for hackers to collect cardholder information and tamper detection methods can also be implemented.

PCI DSS non-compliance

Payment Card Industry Data Security Standard (PCI DSS) compliance gets more stringent every year. As threats continue to evolve, PCI standards must do the same. However, a 2016 survey from the Merchant Acquirers’ Committee discovered that only 39 per cent of small and medium-sized businesses are compliant. Not only does this leave them open to attack, it means they can be fined and banks are likely to either stop working with them or increase transaction fees. Ensuring PCI DSS compliance is one of the simplest ways to stay secure and protect your reputation.

Secure your retail rep with our eBook.

Adam Binks is CEO of SysGroup​.

For more information, please visit​

Topics in this article: