
Black Friday Cybersecurity Checklist: Safeguard Your Store and Customer Data

The holiday season starts on Black Friday and is the busiest time of year for retailers, but it’s also a peak period for cybercriminals who look to exploit vulnerabilities in businesses of all sizes.

Mom-and-pop shops are especially attractive targets because they often lack the robust security infrastructure of larger companies, but by implementing a few key cybersecurity practices, small retailers can help protect themselves from fraud and cyberattacks, ensuring a safe and successful holiday shopping season.

1. Prioritize Employee Training

  • Educate Staff on Phishing Scams: Employees should know how to recognize phishing emails and avoid clicking on suspicious links or attachments, which can lead to malware or data theft. Encourage them to verify any unexpected or unusual requests, especially those involving payments or sensitive customer information.
  • Use Strong Passwords and Two-Factor Authentication (2FA): Ensure all employees use unique, complex passwords, and enable 2FA for accounts with access to sensitive information. This extra layer of security can prevent unauthorized access if a password is compromised.

2. Secure Your Point-of-Sale (POS) Systems

  • Install Updates Regularly: POS systems are a common target for cybercriminals, as they handle sensitive financial information. Regularly update your POS software and hardware to ensure it has the latest security patches.
  • Use Firewalls and Anti-Malware Protection: Firewalls and anti-malware software help block malicious traffic and detect threats. For extra protection, separate the network your POS system uses from the one used for guest Wi-Fi or other business operations.
  • Use EMV Chip Readers: EMV chip readers add an extra layer of security to in-store transactions by creating unique transaction codes, making it difficult for fraudsters to replicate.
  • Adopt Digital Wallets: Accepting payments via digital wallets like Apple Pay or Google Pay can help reduce fraud risk. These services don’t share the customer’s actual card information, adding a layer of protection for both the customer and retailer.
  • Monitor for Chargebacks and Disputes: Be vigilant about irregular patterns in chargebacks or disputes, as they may indicate fraudulent purchases. Many payment processors offer tools to help you monitor and manage such transactions.

There is also a human element when it comes to protecting against fraudulent activity at the time of sale, especially in a brick-and-mortar store. Staff must be taught how to recognize a fraudulent credit card. This is a challenging task, but there are several signs that store employees can look out for to help identify potential fraud:

  • Holograms and Logos: Check for holograms and logos that should be present on the card. Fraudulent cards often have poor-quality holograms or missing logos.
  • Embossing: Legitimate cards have raised numbers and letters that are evenly spaced and aligned. Look for any irregularities in the embossing.
  • Signature Panel: Ensure the signature panel is not tampered with. If the signature looks suspicious or is missing, it could be a red flag.

Next, match the card number and receipt. Verify that the last four digits of the card number match the digits on the receipt. Fraudsters sometimes alter the card number to match a stolen card. Check the expiration date to ensure the card is still valid.

Criminals, particularly those who are unskilled, can be spotted by an observant salesclerk. These staffers should be instructed on how to observe customer behavior. “Customers” who are nervous or rushing should cause alarm bells to go off. This behavior can indicate they are trying to complete the transaction quickly to avoid detection.

Note that if a card is declined multiple times, it could be a sign of fraud. Be wary of customers who insist on trying multiple cards.

Request additional identification. Ask for a government-issued ID and compare the name and signature on the ID with those on the credit card. If the customer refuses or the information does not match, it could be a sign of fraud.

By staying alert and following these guidelines, store employees can help protect their business from credit card fraud. If you suspect a card is fraudulent, follow your store’s protocol for handling such situations, which may include contacting the credit card issuer or notifying management.
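Two of the signals above, repeated declines or several different cards tried in quick succession at one terminal, and an unusual jump in the chargeback ratio, can be checked automatically from the records a POS or payment processor already produces. The script below is an added example, not Trustwave's code; the log format, terminal ids and thresholds are constructed assumptions to illustrate the idea.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample POS terminal log (not real data): time, terminal, card last4, result.
SAMPLE_LOG = """\
2024-11-29T09:01:10 T1 4242 approved
2024-11-29T09:02:05 T2 1111 declined
2024-11-29T09:02:40 T2 2222 declined
2024-11-29T09:03:15 T2 3333 declined
2024-11-29T09:03:50 T2 4444 approved
2024-11-29T09:10:00 T1 5555 approved
2024-11-29T09:11:00 T1 6666 declined
"""

def parse_log(text):
    """Parse the space-separated log into (time, terminal, last4, result) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, terminal, last4, result = line.split()
            events.append((datetime.fromisoformat(ts), terminal, last4, result))
    return events

def flag_decline_bursts(events, window=timedelta(minutes=5), max_declines=3, max_cards=3):
    """Flag a terminal when, inside one `window`, it saw >= max_declines declines
    or >= max_cards distinct cards: the repeated-decline / multiple-card signals."""
    alerts, by_terminal = [], defaultdict(list)
    for ev in sorted(events):
        by_terminal[ev[1]].append(ev)
    for terminal, evs in by_terminal.items():
        for i, (start, _, _, _) in enumerate(evs):
            recent = [e for e in evs[i:] if e[0] - start <= window]
            declines = sum(1 for e in recent if e[3] == "declined")
            cards = {e[2] for e in recent}
            if declines >= max_declines or len(cards) >= max_cards:
                alerts.append((terminal, start.isoformat(), declines, len(cards)))
                break  # one alert per terminal; a human reviews the rest
    return alerts

def chargeback_spikes(weekly, min_rate=0.01, multiplier=2.0):
    """weekly: (sales, chargebacks) per week, oldest first. Flag weeks whose
    chargeback rate is above min_rate and at least multiplier x the prior average."""
    alerts = []
    for i in range(1, len(weekly)):
        prior_sales = sum(s for s, _ in weekly[:i])
        baseline = sum(c for _, c in weekly[:i]) / prior_sales if prior_sales else 0.0
        sales, chargebacks = weekly[i]
        rate = chargebacks / sales if sales else 0.0
        if rate >= min_rate and rate >= multiplier * baseline:
            alerts.append((i, round(rate, 4)))
    return alerts
```

On the sample log, terminal T2 is flagged for three declines across four different cards within two minutes; a week with 20 chargebacks on 900 sales is flagged against a prior baseline well under 1%.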

3. Secure Your Physical Store

  • Install a Robust Security System: Invest in a reliable security system with video surveillance and alarms.
  • Limit Access to Sensitive Information: Restrict access to financial records, customer data, and inventory lists to authorized personnel.
  • Secure Your POS Systems: Protect your POS systems with strong passwords and encryption.
  • Be Cautious of Card Skimming: Regularly inspect your card readers for signs of tampering.

4. Safeguard Customer Data

  • Limit Data Collection: Only collect the information you need for transactions. This reduces the impact of potential data breaches and helps keep customer trust intact.
  • Securely Store and Encrypt Data: Use encryption to protect sensitive data, both in transit and at rest. Encryption scrambles data so it’s unreadable to unauthorized parties. If you store any customer information, ensure it’s stored securely.

5. Use Multi-Layered Authentication for Online Sales

  • Implement CAPTCHA: Adding CAPTCHA to your online checkout can help prevent bots from making fraudulent transactions or spamming your system.
  • Add 3D Secure Authentication for Credit Card Payments: 3D Secure is an additional security layer used by many major credit card networks that requires customers to verify their identity during checkout, reducing the risk of card-not-present fraud.

6. Back Up Your Data Regularly

  • Have a Data Backup Plan: In the event of a ransomware attack or data loss, a recent backup can save your business time and money. Ensure your backup system is automated, secure, and tested regularly.
  • Store Backups in a Secure Location: Keep backups on a separate device or cloud storage service that isn’t directly connected to your main network. This prevents hackers from accessing both your primary system and backups in a single attack.

7. Be Cautious with Third-Party Vendors and Integrations

  • Vet Third-Party Apps and Services: Many small retailers use third-party software for things like payment processing, customer management, or e-commerce platforms. Make sure these vendors adhere to industry security standards and verify their practices.
  • Limit Access for Vendors: Only provide third-party services with the access they need to perform their function. If a vendor no longer works with your business, immediately revoke their access to your systems.

8. Stay Updated on Cybersecurity Best Practices

  • Follow Industry Standards and Compliance Requirements: Familiarize yourself with the latest security standards, such as the Payment Card Industry Data Security Standard (PCI DSS), which helps businesses securely process card transactions.

Finally, consider cybersecurity insurance. Cyber insurance can provide financial protection and support if your business becomes a victim of a cyberattack. Policies often include assistance with recovery, legal fees, and customer notifications.

As Black Friday approaches, cybercriminals are gearing up to exploit vulnerabilities in businesses of all sizes, making robust cybersecurity practices essential for a safe and successful holiday season. From securing your POS systems to training employees on phishing scams and safeguarding customer data, small retailers can significantly reduce the risk of cyberattacks.

By staying vigilant, implementing strong security measures, and keeping up with the latest cybersecurity best practices, you can protect your business, build customer trust, and ensure a smooth shopping experience during the busiest retail event of the year.

Trustwave SpiderLabs has been at the forefront of researching the impact threat groups have on the retail sector. For access to all of Trustwave SpiderLabs' research, please see:

Additional vertical industry sector reports can be found on the Trustwave Resources page.