With the 2020 holiday shopping season upon us — especially amidst a global pandemic — online retailers are likely to be a target for hackers more than ever before. Steve Ragan, security researcher at Akamai, advises: “There is an urgent need for better identity controls and countermeasures to prevent attacks against APIs and server resources.”
“Whether it’s malicious code placed on a checkout page or a clever phishing attack, hackers will find a way to siphon off sensitive customer data,” states Ryan Smith, Vice President of Global Business Development at Futurex, in a recent Retail TouchPoints article. The latest hacking trend is credential stuffing.
Credential stuffing is the automated use of collected usernames and passwords — generally garnered from a data breach — to gain fraudulent access to user accounts, writes CSO Online. Lately, credential stuffing has been plaguing retailers, loyalty programs, and the hospitality industry. Akamai recently published a report that found that 63 billion credential stuffing attacks — that’s 63,828,642,449 — hit these industries in the past two years.
“Criminals are not picky — anything that can be accessed can be used in some way. This is why credential stuffing has become so popular over the past few years. These days, retail and loyalty profiles contain a smorgasbord of personal information, and in some cases financial information too,” Ragan states in a HelpNetSecurity article.
How can retailers protect sensitive customer data from hackers?
Perhaps it’s time for retailers to consider a different approach — one where if hackers get in, they don’t walk away with anything of value. Two effective cryptographic techniques retailers employ to protect PII are tokenization and application encryption. With these technologies, retailers use algorithms to transform sensitive customer data into an unintelligible form. Even a massive data breach yields nothing of value to the hackers and has no impact on the retailer’s reputation.
Fundamentally, application encryption allows organizations to encrypt entire files or specific fields of data at the application level before they are stored. Data is encrypted immediately upon ingestion into loyalty or rewards programs and remains encrypted while at rest. Read the Introduction to Application Encryption whitepaper.
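Field-level application encryption as described above, shown as an added example (not Futurex code or any product's API): sensitive fields of a loyalty record are encrypted with AES-256-GCM at ingestion, so the stored record holds only ciphertext, and each ciphertext is bound to its record id and field name. The field names, the sample record and the in-process key (standing in for a key held in an HSM or key-management service) are assumptions.

```javascript
const crypto = require('crypto');

// Assumption: in production the key is held in an HSM or key-management
// service; a random in-process key stands in for it here.
const KEY = crypto.randomBytes(32);
const SENSITIVE_FIELDS = ['email', 'cardNumber']; // constructed field names

// Encrypt one field value. The record id and field name are bound as AAD, so a
// ciphertext copied onto another record or field fails authentication.
function encryptField(recordId, field, plaintext, key = KEY) {
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(`${recordId}|${field}`));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64')).join('.');
}

// Decrypt one stored field; throws if the key, record id, field or data differ.
function decryptField(recordId, field, stored, key = KEY) {
  const [iv, tag, ct] = stored.split('.').map((s) => Buffer.from(s, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(Buffer.from(`${recordId}|${field}`));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Encrypt the sensitive fields at ingestion; other fields are stored as-is.
function protectRecord(record) {
  const out = { ...record };
  for (const f of SENSITIVE_FIELDS) {
    if (out[f] !== undefined) out[f] = encryptField(record.id, f, String(out[f]));
  }
  return out;
}

// Reverse of protectRecord for an authorized application holding the key.
function revealRecord(stored) {
  const out = { ...stored };
  for (const f of SENSITIVE_FIELDS) {
    if (out[f] !== undefined) out[f] = decryptField(stored.id, f, out[f]);
  }
  return out;
}

// Constructed sample loyalty record (test card number, not real data).
const sample = { id: 'L-1001', tier: 'gold', email: 'pat@example.com', cardNumber: '4111111111111111' };
const atRest = protectRecord(sample); // what the database would hold
```

Because the record id and field name are authenticated with each value, moving a ciphertext between fields or records makes decryption fail instead of returning another customer's data.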
When it comes to securing their customers’ information, there is much at stake for retailers. Retailers have turned to Futurex for reliable data protection solutions that go above and beyond regulatory compliance standards. With over 40 years of experience, Futurex protects the world’s most sensitive data, providing leading-edge enterprise hardware and cloud data security solutions for retailers and the financial services industry. Learn more about our security solutions for retailers.