Retail Cybersecurity: Common Threats and How to Avoid Them



Shopping season is a paradise for hackers looking to take advantage of overwhelmed companies and websites. The shopping period, with a raft of sale discounts and other offers, often sees an increase in website attacks. And while retailers may know that they are under increased pressure, they may not have the resources to bulk up their cybersecurity defences, given that their priority is customer service, shipping, and other necessary prerequisites.

It is thus important to shed light on the most common types of threats that retailers face during the shopping season and also offer some recommendations on how to stay secure and safe.

Retail Cybersecurity Challenges and Threats

Threat 1: Payment skimmers

Knowing that traffic and transactions are at an all-time high during busy shopping seasons, hackers seek to steal valuable payment data from unwitting customers and retailers alike. This can be done by compromising physical POS systems with malware. If retailers are using any legacy POS systems or haven’t updated them in a while, the devices may be vulnerable to known exploits.

With POS systems and terminals likely to be inundated with a surge in customers, hackers know that this would be prime time to launch an attack in hopes of stealing valuable credit card data.

Threat 2: SQL Injection

Hackers can also compromise a retailer's site to steal payment data at the time of an online purchase. This is often done via SQL injection, which drops malicious code into the site, where it lurks and steals data. This allows hackers to steal payment data entered into a field without the customer or the retailer knowing.

Magecart is one of the more notorious methods of attack. It exploits unpatched Magento versions to drop malicious code that steals payment data, redirects links to malicious sites, and, more recently, mines cryptocurrency without the victim's knowledge.

While this is an attack that can be leveraged at any time, savvy hackers may choose a time when the attack is likely to go unnoticed given the flurry of activity in stores and websites. If the retailer is inundated with alerts and other pressing issues, any alert that highlights a potential issue may be ignored, dismissed as a false alarm, or may not be addressed in time.
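One way to catch injected code that "lurks" in a site is to audit the HTML the storefront keeps in its database for scripts nobody approved. The check below is an added example, not code from the original article; the content_blocks table, its columns, the allowlisted hosts and the sample rows are all constructed assumptions.

```python
import re
import sqlite3
from urllib.parse import urlparse

# Assumption: hosts this shop intentionally loads scripts from (hypothetical names).
ALLOWED_SCRIPT_HOSTS = {"cdn.shop.example", "js.payments.example"}

SCRIPT_SRC = re.compile(r"<script\b[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)
INLINE_SCRIPT = re.compile(r"<script\b(?![^>]*\bsrc\s*=)[^>]*>", re.I)

def build_sample_db():
    """In-memory stand-in for a storefront's CMS table (rows are constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE content_blocks (name TEXT PRIMARY KEY, html TEXT)")
    conn.executemany("INSERT INTO content_blocks VALUES (?, ?)", [
        ("footer", '<p>Free returns</p><script src="/static/footer.js"></script>'),
        ("checkout_head", '<script src="https://js.payments.example/v3.js"></script>'),
        ("promo_banner", '<div>Sale</div><script src="//stats-cdn.invalid/c.js"></script>'),
        ("newsletter", "<p>Sign up</p><script>/* inline code */</script>"),
    ])
    return conn

def audit_content_blocks(conn):
    """Return (block name, reason) for stored HTML carrying script nobody approved."""
    findings = []
    rows = conn.execute("SELECT name, html FROM content_blocks ORDER BY rowid")
    for name, html in rows:
        for src in SCRIPT_SRC.findall(html):
            host = urlparse(src).hostname  # None for relative, same-origin paths
            if host is not None and host.lower() not in ALLOWED_SCRIPT_HOSTS:
                findings.append((name, f"script from unapproved host {host}"))
        if INLINE_SCRIPT.search(html):
            findings.append((name, "inline script in stored content"))
    return findings

if __name__ == "__main__":
    for name, reason in audit_content_blocks(build_sample_db()):
        print(f"REVIEW {name}: {reason}")
```

Run on a schedule and diffed against the previous run, a check like this turns a silent change to stored content into a single reviewable alert, which matters most when the alert queue is already full.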

Threat 3: Fraudulent transactions

Cybercriminals can try to make a quick buck by committing shopping fraud in two main ways. The first is payment fraud, which uses a stolen credit card (stolen via the two methods described above, or via a data breach) to make a purchase.

This can hurt retailers as victims are likely to report the fraudulent purchases. The credit card company will then refund the purchase, passing the cost over to the retailer while charging them a fee for the whole process.

Return fraud is another tactic commonly used by scammers and thieves. Done in person or online, scammers can return stolen merchandise or use altered receipts to get a refund for an item they never purchased (and that the retailer will never receive). Without the right authentication or verification process in place, scammers can continue to fake returns and reap cash until the scam is finally flagged.

Given that margins are likely to be tight during these large sale periods, a retailer may actually lose money because of these fraudulent tactics.

Hackers know to carry out these attacks during the shopping season to avoid detection. Without the right detection/monitoring systems, it’s hard to sift through a huge increase in transactions to spot a fraudulent one.
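A verification step for returns can be sketched as follows. This is an added example, not code from the original article: each receipt carries a MAC issued at sale time, and a refund is approved only if the receipt is unaltered, the sale is still settled, and the units have not already been refunded. The key, field names, ledger layout and sample orders are constructed assumptions.

```python
import hashlib
import hmac
import json

RECEIPT_KEY = b"example-only-key"  # constructed; keep the real key in a secrets store

def receipt_tag(order_id, sku, qty, amount_cents):
    """MAC issued at sale time over every field a refund depends on."""
    msg = json.dumps([order_id, sku, qty, amount_cents]).encode()
    return hmac.new(RECEIPT_KEY, msg, hashlib.sha256).hexdigest()

def verify_return(receipt, return_qty, ledger, refunded):
    """Return (approved, reason); `refunded` tracks units already refunded per order line."""
    expected = receipt_tag(receipt["order_id"], receipt["sku"],
                           receipt["qty"], receipt["amount_cents"])
    if not hmac.compare_digest(expected, receipt.get("tag", "")):
        return False, "receipt altered or not issued by this retailer"
    line = (receipt["order_id"], receipt["sku"])
    sale = ledger.get(line)
    if sale is None or sale["status"] != "paid":
        return False, "no settled sale behind this receipt"
    if refunded.get(line, 0) + return_qty > sale["qty"]:
        return False, "refund would exceed units sold"
    refunded[line] = refunded.get(line, 0) + return_qty
    return True, "approved"

def demo():
    # Constructed sample ledger: one paid order, one reversed by a chargeback.
    ledger = {("A100", "SKU-1"): {"qty": 1, "status": "paid"},
              ("A101", "SKU-2"): {"qty": 1, "status": "charged_back"}}
    refunded = {}
    genuine = {"order_id": "A100", "sku": "SKU-1", "qty": 1, "amount_cents": 4999}
    genuine["tag"] = receipt_tag("A100", "SKU-1", 1, 4999)
    altered = dict(genuine, amount_cents=49999)  # amount edited, original tag kept
    reversed_sale = {"order_id": "A101", "sku": "SKU-2", "qty": 1, "amount_cents": 2500}
    reversed_sale["tag"] = receipt_tag("A101", "SKU-2", 1, 2500)
    return [verify_return(genuine, 1, ledger, refunded),
            verify_return(genuine, 1, ledger, refunded),  # same receipt presented twice
            verify_return(altered, 1, ledger, refunded),
            verify_return(reversed_sale, 1, ledger, refunded)]

if __name__ == "__main__":
    for approved, reason in demo():
        print("APPROVE" if approved else "DENY", reason)
```

The chargeback case ties the two fraud types together: an order bought with a stolen card and later reversed should never also produce a refund.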

Threat 4: DDoS attacks

Retail websites already see an increase in traffic during the shopping season.

If a malicious hacker is looking to cause damage, negatively impact a retailer, or leverage increased traffic as a way to carry out another attack, they can launch a DDoS (distributed denial of service) attack on a retailer's site.

A DDoS attack often leverages a botnet, which is a collection of compromised devices, to essentially spam a website with numerous queries to overload the website. If the site doesn’t have the right protection, the abundance of queries can slow down or even bring down the website.

How can companies improve their retail cybersecurity posture?

Retailers cannot treat the shopping season just like any other time from a cybersecurity standpoint. In order to make sure they have the support needed in case of any incident, they'll need to:

Invest in solutions and tools to deal with the above problems: DDoS protection tools, EDR, and anti-fraud solutions can help prevent, detect, and minimize the risk of these threats from compromising your organization.

Ready your environment: Patch your tools and software, especially if any systems or devices have any known exploits, and make sure you can detect unauthorized users entering or moving within your environment.

Increase staff as needed for monitoring and response purposes: Even with the right tools, your cybersecurity staff may not have the time to learn a new tool, manage it, or work with it to properly detect and respond to any flagged behaviour or alerts. Consider increasing your headcount, even if just temporarily, so you can devote more resources during this high-risk period.

Work with a managed service partner: Any kind of managed service provider, whether an MSSP, an MSP, or an MDR, will be able to provide the above in a packaged manner, saving you time and money when it comes to selecting any new tools or technology and wielding them effectively. Even if it's just for a short stint, having an extra resource available may make the difference between a good shopping season and a bad one.

Organizations need to react to the demands threats create, even if they are seasonal. It doesn’t make sense for an organization to mobilize around a lucrative shopping season only to lose their profits (and perhaps more than that) to a couple of opportunistic hackers.

Prioritize readiness and make sure you have the resources you need to detect and deal with attacks. Investing in new technologies or partners now can also pay off in the future as you’ll be protected beyond the peak shopping season.