It’s the time of year for holiday cheer. Hot chocolate, cookies, presents and other festivities abound. Shops dress up their windows in exotic displays, and festive lights can be seen everywhere. Yes, it’s the time of year when everything is grander and everyone seems happier.
But it’s not always sunshine and roses during the holiday season. Trouble often lurks in the shadows—preying on both retailers and consumers. Criminals take advantage of the spike in spending, and use the opportunity to hide in the crowds and undertake fraud of various kinds.
Financial fraud is the one that comes to mind first, but identity theft, impersonation and theft of items, among others, are all common. On top of that, every year cyber attackers improve on their techniques to steal information, money and goods.
We’ve put together a list of tips for retailers and consumers to keep top of mind this holiday season to prevent them from becoming a victim of holiday scams.
Security tips for retailers
1. Prioritize staff awareness
Many retailers add to their staff during the holiday season, with temporary employees hired to deal with the increase in footfall and traffic. It’s important to make security awareness and training part of the on-boarding process for these workers.
While their primary role is often to service customers, they should remain vigilant at all times. Customer identity verification becomes particularly important when interacting online or over the phone, where it is easier to impersonate someone else.
In stores, physical checks, such as checking POS terminals for signs of tampering, should be performed frequently. Replace any terminals that are suspected to have been compromised in any way.
2. Beef up monitoring and detection capabilities
Putting in place multiple preventative security controls can introduce friction into the customer experience. This can involve extra authentication steps, verification or even blocked transactions that are flagged as suspicious activity. These can frustrate customers, as well as potentially cause lost sales.
Instead, it’s a good idea to invest in monitoring and detection capabilities, so the customer experience isn’t adversely impacted. This way, the IT teams only need to focus on alerts that are likely to indicate malicious activity, and they can identify and respond to threats quicker.
3. Share threat data
Many criminals share attack methods and hit multiple retailers. By sharing threat data, such as malicious techniques and indicators of compromise (IOCs), retailers can stack the odds in their favor by taking preemptive steps to curb crime.
Many companies choose to share such threat data using informal means, such as leveraging personal relationships. But automated and semi-automated options also exist, such as open source threat intelligence communities, which allow users to freely share detailed threat information publicly or to closed groups.
4. Implement a response plan
All relevant threat scenarios should be taken into consideration, and a response plan should be devised that accounts for each. Response plans can include technical controls, such as isolating systems or rebuilding servers, or they can be more procedural- and communications-based, taking into account how partners and customers should be notified of an incident.
5. Have a backup plan
Finally, backup procedures should be implemented in the event any systems become unavailable. For example, if the POS terminals are rendered inoperable, there should be alternative offline means available to take payments.
Security tips for consumers
6. Value personal data over card data
While no one wants their card or payment data stolen, it’s easy to forget that criminals often target shoppers’ personal data. During the holiday season, it’s not uncommon to find people conducting surveys or asking shoppers to fill out forms in exchange for store discounts. Consumers should remain vigilant of what data they provide, to whom and for what purpose.
7. Check your statements
Among the frenzy of holiday shopping, it can be easy to overlook or miss a stray transaction. It’s worthwhile to spend an extra few minutes looking over all transactions on bank and credit card statements in careful detail, and query any that look unfamiliar—no matter how small the amount. Doing so can potentially help nip any long-term fraud in the bud.
8. Don’t believe all offers
Phishing scams are popular all year round, but especially during an incident, holidays or other busy times. Many emails will be sent this shopping season claiming to be “exciting, not-to-be-missed” promotions from retailers. Unfortunately, many will be phishing emails enticing users to click on links to harvest personal details or install malware, such as keyloggers or ransomware.
As always, when it comes to cybersecurity, it’s worth remembering the old adage: If it looks too good to be true, it probably is.
Awareness + Vigilance = Happy Holidays
With all of this said, don’t let security dangers dampen your festive spirit. Know the risks, remain vigilant and always follow security best practices, and you’ll be well on your way to a fraud-free holiday season. Cheers!