    Cyber Security Critical for Independents

    NGA panel explores necessary measures

    By Joan Driggs, EnsembleIQ

    Scared, but no longer running away. That’s the general reaction of retailer attendees to various technology topics addressed at the 2015 NGA Show in Las Vegas, which wrapped up yesterday. While presentations included competitive game-changers such as mobile analytics, e-commerce and digital marketing, it was a presentation on cyber security that brought to light a startling truth: without security, technology doesn’t matter. Without security, you may be out of business.

    “Cyber Security – A National Perspective” featured Paul Kleinschnitz, SVP – GM, Cyber Security Solutions for First Data, who shared the increasingly harmful impact of cyber attacks on businesses of all sizes.

    Following Kleinschnitz’s overview, a panel including Paul Doty, director of information technology at Sendik’s Food Markets, Milwaukee; Ray Sprinkle, president and CEO, URM Stores, Spokane, Wash.; and Ken Grogan, manager of treasury services, Wakefern, discussed security from their on-the-ground positions.

    Kleinschnitz pointed to the Target breach of 2013 as a pivotal moment in cyber security. That breach became personal for millions of consumers. It also marked a turning point for small business owners, who, with increasing awareness, understood that security was a problem they needed to address as well. Cyber security is no longer an issue just for big corporations; 90 percent of breaches target small business owners, and attacks are increasing, says Kleinschnitz.

    Criminals are increasingly using malware, or malicious software. They are most likely located outside the United States and are well-trained in operating what essentially is affordable software. Bottom line: it’s an easy, affordable, low-risk way of making a tremendous profit.

    Crime in action

    The most prevalent weakness, and the one experienced by Target, begins when a customer’s credit card is scanned. According to First Data, there are two points in the payment process where sensitive cardholder data is at risk of being exposed or stolen:

    1. Pre-authorization – When the merchant has captured a consumer’s data and it's being sent or waiting to be sent to the acquirer/processor.

    2. Post-authorization – When cardholder data has been sent back to the merchant with the authorization response from the acquirer/processor, and it's placed into some form of storage in the merchant environment.

    It’s at that in-between stage, where the data has been captured and it’s waiting to be received, that malware grabs the data and runs with it.

    Fighting crime

    First Data’s TransArmor Solution is designed to offer small business owners critical layers of protection. A key component is encryption with random-number tokenization, which means that personal information is never exchanged, as the token number replaces the cardholder data. The solution, which is compliant with PCI DSS (Payment Card Industry Data Security Standard), also includes audit, software and hardware monitors of POS systems, a liability waiver, and support experts.
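
    A sketch of the random-number tokenization idea described above, added here as an example; it is not First Data's or TransArmor's code. `TokenVault`, `authorize` and `find_stored_pans` are hypothetical names, keeping the last four digits and forcing tokens to fail the Luhn check are choices made for this example, and the card number is a constructed test value.

```python
import re
import secrets

def luhn_ok(number: str) -> bool:
    """Luhn checksum that real card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class TokenVault:
    """Processor-side vault (hypothetical); the merchant never sees this mapping."""
    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        while True:
            # Random digits, not derived from the PAN; last four kept for receipts.
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            # Reject collisions and Luhn-valid tokens, so a token never passes as a card.
            if token not in self._pan_by_token and not luhn_ok(token):
                self._pan_by_token[token] = pan
                return token

    def detokenize(self, token: str) -> str:
        return self._pan_by_token[token]

def authorize(vault: TokenVault, pan: str, amount_cents: int) -> dict:
    """Post-authorization response: the merchant receives a token, never the PAN."""
    return {"approved": True, "amount_cents": amount_cents, "card": vault.tokenize(pan)}

def find_stored_pans(records: list) -> list:
    """Audit merchant storage for values that still look like real card numbers."""
    hits = []
    for rec in records:
        for value in rec.values():
            hits += [m for m in re.findall(r"\b\d{13,19}\b", str(value)) if luhn_ok(m)]
    return hits

TEST_PAN = "4111111111111111"  # constructed: a common test number, not a real card
vault = TokenVault()
merchant_db = [authorize(vault, TEST_PAN, 2599)]    # tokenized post-authorization storage
legacy_db = [{"approved": True, "card": TEST_PAN}]  # the same record stored without tokenization
```

    Running `find_stored_pans` over both stores shows the difference: the tokenized store yields nothing that validates as a card number, while the legacy store still exposes it.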

    Ray Sprinkle of URM likened being made aware of the 2013 breach to his company being hit by a two-by-four. The Northwest-based co-op food distributor and payment processor serves more than 300 stores, but determined that 67 stores in Washington, Idaho, Oregon and Montana were exposed by the breach. Federal authorities notified Sprinkle that URM stores were a “common point of purchase” for stolen credit card data. His company has adopted extensive security measures since then, and he cautions others in the industry to avoid what URM endured. As with any disaster, there needs to be a plan in place that includes public relations, legal counsel and internal communications, and it should be supported with practice and role play. Cardholder information isn’t the only valuable information companies hold, the panel cautions; there are also employee records and pharmacy data, for example.

    In a rare light moment on the topic, Sendik’s Doty, who is ISA cyber security-certified, quipped that one of the biggest fears is the proliferation of TLAs (three-letter acronyms) in the arena of retail security.

    • About Joan Driggs Joan Driggs is Managing Director ― Strategy, Member Development at the Path to Purchase Institute. She has more than 25 years of experience in trade journalism and market research. Joan enjoys connecting with CPG manufacturers and grocery retailers, and learning how they connect for the benefit of consumers. Her roots are in new product development and she continues to seek out the latest and greatest at grocery retail. To connect with Joan, email [email protected], or reach out on Twitter, @JoanPGrocer.
