‘Tis the season for one of the biggest shopping events of the year…with a twist. When the COVID-19 pandemic made its impact around the globe starting in early 2020, online shopping surged, and more consumers than ever turned to virtual means to make their purchases. Amidst the lockdowns, Black Friday saw its largest concentration of online shoppers in the first year of the pandemic compared to those visiting physical stores. This year, the trend for a mostly virtual Black Friday continues as ongoing restrictions and limitations on businesses linger.

According to Deloitte’s 2021 Holiday Retail Survey, digital means of shopping is “now a holiday habit” and “consumers continue to seek out conveniences with 73% choosing standard delivery, BOPIS (Buy Online, Pickup In-Store), and curbside pickup exceeding pre-pandemic levels”. In their 2020 survey, the company found that:

• Nearly 51% of holiday shoppers felt anxious about shopping in-store
• Contactless shopping experiences were in demand with 73% planning to have items delivered vs. 62% in 2019
• Shoppers’ preference for curbside pickup more than doubled year over year

Many retail businesses quickly adjusted to the increased number of online shoppers by dropping shipping fees and encouraging consumers to get their annual Black Friday deals through their cyber stores. While people can now save on their goods from the comfort of their own homes, this has created a very welcoming environment for cyber attackers to steal credit card information, send phishing email scams, and commit identity theft.

Cybersecurity must be a key consideration for retail businesses especially during the holidays when they are more vulnerable than any other time of the year. In recent years, businesses have fallen victim to increased malware, ransomware, Distributed Denial-of-Service (DDoS) attacks, and more.

Unfortunately, the retail space has become a lucrative target for cyber attackers and the end-of-year holidays are when they strike hardest. While this season of shopping frenzy is aimed at consumers, businesses have a responsibility to defend their customers from these threats. Many threat groups hide behind well-known retail brand names to launch their attacks and, no matter the case, this reflects poorly on the retailer itself. Even with just one successful breach, cyberattacks can leave lasting damage to a victim retailer. This may include, but is not limited to:

• Stolen and/or compromised personal or payment data of consumers
• Immediate business disruptions and long-term loss of sales
• Damaged reputation
• Legal ramifications and hefty fines from card replacement costs, forensic audits, and more.

So, how can businesses accepting online card payments protect both themselves and their customers? Here are some helpful cybersecurity tips that you can implement to avoid breaches and cybertheft this Black Friday and Cyber Monday.

1– Get Effective Cybersecurity with Proactive, Managed Services

Malicious activity often happens outside of typical business operation hours. Investing in a 24/7, managed detection and response service ensures continuous protection. Do not wait for your customers to alert you to scams and issues with payment – get ahead of threats this holiday season by having an experienced Managed Detection and Response (MDR) team detect the earliest signs of a breach and start detaining threats for you immediately.

Having an effective and streamlined security strategy focused on active monitoring is how you can thwart potential threat actors. By having security professionals monitor your network for suspicious activity, you can detect malicious behavior from the onset. Retail businesses that can react quickly to the first sign of detection win the unfair fight against cyberthreats.

2– Implement a Strict Zero-Trust Policy

Enforcing a zero-trust policy restricts third parties to only specifically authorized information on your website while blocking access to customer’s payment and personal data. Regularly review privileges and only give access on a case-by-case basis as opposed to whitelisting. A zero-trust policy:

• Requires each user and machine to authenticate before granting access and need-to-know permissions,
• Segments networks so threat actors can be more easily detained before they further their foothold within your systems, and
• Minimalizes exposure of your network’s most sensitive or critical data.

3 – Perform Regular, Detailed Checks Through Log Monitoring

While the upcoming holidays is a prime time to perform last-minute payment process checks, regular reviews will allow you to maintain operational integrity in the long term. Check your website for new or changed code as well as any third-party code that may be pulled onto your payment pages.

Controlled and effective log monitoring can help you detect anomalies, detect threat patterns, and show you signs of exploitable areas in your networks. Logs are most effective when they are actively monitored by experienced security analysts. Analysts can sift through complex logs, compile threat intelligence in real-time, and detain at the first sign of compromise.

4 – Compliance is Key – Payment Card Industry Data Security Standard (PCI DSS)

Merchants accepting credit cards must be in compliance with Payment Card Industry Security Standards Council’s (PCI SSC) requirements. This council was launched in September 2006 to manage the ongoing evolution of the standards for the Payment Card Industry (PCI) with focus on improving payment account security throughout the transaction process. PCI SSC administers and manages the Payment Card Industry Data Security Standard (PCI DSS) – a set of security standards created to ensure that all companies accepting, processing, storing, or transmitting credit card information/cardholder data maintain a secure environment and are PCI compliant.

Credit card fraud will be top of mind for retailers this season. Ensuring your business is in compliance with PCI DSS standards protects you and your customers from loss of cardholder data. Achieving PCI DSS compliance involves meeting a series of requirements including self-assessments, regular vulnerability scans, and on-site assessments.

Blackpoint LogIC brings simplicity to the everyday management of both logging and compliance. Powered by our proprietary MDR technology, LogIC’s simple, push-button setup replaces complex hardware, appliances, installs, and agent rollouts needed to implement compliance programs. LogIC was specifically designed to help you collect the right data and understand where your current security products and services are covering you in terms of compliance. LogIC’s hyper-efficient logging architecture supports real-time collection of device logs, file integrity monitoring (FIM) events, and any other application or system that exports syslog. Currently, LogIC supports and maps to PCI-DSS, HIPAA, NIST 800-171, and CMMC (up to level 3) compliance frameworks.

Hyper-efficient and designed to provide real-time data collection, LogIC can help move you into the right position towards compliance.

Interested in streamlining your compliance and cybersecurity? Visit the Blackpoint LogIC website or sign up to see a demo of the solution. You can also check out our Frequently Asked Questions here.

• Deloitte’s Holiday Retail Survey – 2021
• Deloitte’s Holiday Retail Survey – 2020
• Payment Card Industry Security Standards Council (PCI SSC) Main Website
• Payment Card Industry Security Standards Council (PCI SSC) Document Library