6 holiday security fears for retailers

Published
  • November 28 2016, 4:34pm EST
As the holiday shopping season kicks off, retailers are preparing for an influx of payment volume from shoppers and scammers alike. Here are a few of the problems they face.

As the holiday shopping season kicks off, retailers are preparing for an influx of payment volume from shoppers and scammers alike. Here are a few of the problems they face.

Employee exposure

Retailers may be worried about how trustworthy their temporary holiday staff is, but they should be even more concerned about their permanent workers. The number of permanent employees who accessed or sent sensitive data they should not have increased sharply to 30% in 2016 from 7% in 2015, according to IT and security professionals surveyed for Bay Dynamics' pre-holiday retail cyber risk report. By contrast, only 6% of security professionals say their temporary workers have access to personally identifiable information, and only 13% say their contractors can access that type of information.

Content Continues Below

Poor card security

Retailers should also be concerned that their point of sale terminals don't have the latest card security, making them a more appealing target for fraudsters. Overall, 37% of all U.S. merchant locations are now EMV-enabled, according to Visa. While this is huge progress from the 2015 holiday shopping season, it leaves the majority of merchants using less-secure magstripe payments. New Jersey has the highest rate of merchant adoption, but even it hasn't passed the halfway mark, with just 48% of stores chip-enabled.

Are shoppers doing their part?

Retailers may get some relief from consumers who are proactive enough about account security to activate mobile card controls, enabling them to block payments altogether or under certain conditions if they fear their card has been lost or stolen. But retailers should not simply trust consumers to use this feature. "While a niche group of security-minded consumers will use controls, the fact remains that consumers still are a bit lazy when it comes to these things, because they have very little skin in the game," said Julie Conroy, research director for Aite Group.

Speed trumps security

Another consumer attitude that could shape fraud trends is the prioritization of speed over security. In the U.S., 48% of gamers would switch payment methods if a faster, easier method came along, while 43% would switch if an alternative payment method offered better discounts, and 41% would switch if another method provided superior security, according to research by PayPal.

Content Continues Below

Web fraud to spike

Retailers are increasingly focused on driving traffic to e-commerce and mobile apps, but fraudsters are in just as big a rush to get there. Largely due to the EMV shift at the point of sale, many fraudsters are seeking to exploit account credentials online, where EMV-chip card technology adds no security. ACI Worldwide predicts that e-commerce fraud attempts will rise 12% globally this holiday season compared with last year, but in the U.S. online fraud attempts will spike much higher, reaching 43% by volume and peaking on Dec. 24.

Damaged reputation

If a breach does occur, merchants may face the unwelcome prospect of being in the headlines for weeks — if not months — for all the wrong reasons. Target and Neiman Marcus, for example, are still known for suffering well-publicized breaches during the holiday season years ago.