Cyberthreats are Brick-and-Mortar’s Problem, Too

December 2, 2024         By: Steven Anderson

With Black Friday now one for the history books, the holiday shopping season now firmly entrenched, and Christmas music playing on some radio station just about anywhere in the United States, it’s got a lot of people thinking about shopping.

While some may decide to skip the holiday rush in stores by hitting the Web instead, others aren’t so sure about online shopping thanks to various cyber-threats. As Home Depot, Dairy Queen and a host of others in recent months have demonstrated, however, brick-and-mortar isn’t immune to cyber-threat.

There’s quite a bit for the brick-and-mortar outlet—and by extension those who shop therein—to be concerned about. Threats at the point-of-sale (PoS) level are on the rise, and it was also shown that such attackers were willing to go most anywhere the cash was.

Forty-five percent of PoS malware actually struck the small and medium-sized business (SMB) market, and PoS malware in general was up a hefty two thirds at 66 percent in just the third quarter.

Larger brands like Starwood Hotels were also recently hit, and it’s actually only part of a trend; though no one knows just who hit Starwood, FIN5 has been reportedly turning to RawPOS for hotel traffic all year. Couple this on to new malware hitting the scene like AbaddonPOS, Cherry Picker, and what iSIGHT Partners called “the most sophisticated PoS malware ever” in ModPOS and it proves there’s a lot of danger out there.

What’s more, the Europay, MasterCard, Visa (EMV) chip solution isn’t proving to be a great change after all. EMV is expected to prove a fairly big complication for retailers, along with a potentially major price problem. EMV may end up slowing lines, and cashiers—desperate to keep things moving along—may instead resort to swiping magstrips rather than trying to walk customers through the comparatively different EMV process.

That’s going to make EMV less than powerful as a security option as it may not be used as often as retailers hope it to be. Protegrity’s CEO Suni Munshani put it best, saying “If security gets in the way…they’ll rip it out.” Worse, the costs of providing all that training to temporary holiday staff is likely to be prohibitive.

Even mobile payments aren’t immune. While increasing numbers are planning to put mobile payments to work with holiday shopping—17 percent who didn’t last year plan to this year, according to an INSIDE Secure study—those who aren’t still have the classic concerns about fraud and privacy.

The increased rise in use, meanwhile, is drawing more hackers’ attention, and that means more developments in breaking mobile payments. It’s worth noting here that mobile payments systems in general are drawing their share of praise on several fronts for being properly secured; Apple Pay not only offered tokenization on payments, but also offered biometric security, which gave it a pretty strong security profile.

We all know data breaches hit regular stores, just in the way they hit online shops. Ashley Madison is no less at risk than Home Depot. The EMV switchover wasn’t going to come without some hitches and snags, and PoS threats have been on hand since there was a PoS.

Mobile payments kept this particular point in mind and are rapidly showing themselves to be some of the safest payment methods since cash, but even here there’s a learning curve as users are generally unused to this breed of payment system.

Of course brick-and-mortar has cyber-security risks; as long as brick-and-mortar has any connection to a payments system from a card to an app, there will always be some degree of risk.

In the end, only continued vigilance will provide the best results, and only people keeping a careful watch on their payment systems will come out ahead in the end. So wherever, whenever you shop this year, stay safe, stay alert, and enjoy a peaceful holiday season—Christmas, Hanukkah or Kwanzaa—as a reward.