7 cybersecurity risks for retailers

Infographic

As e-commerce grows and retailers collect an increasing amount of personal and financial data from consumers, the retail industry has become a prime target for cybercriminals.

The consequences of a cyberattack can be devastating. A breach can lead to financial losses, business disruption, and reputation damage. Even worse — you may lose customers due to mistrust and/or higher prices that result from accounting for losses. Retailers must be able to minimize losses and downtime, safeguard customer data, and resume normal business operations as quickly as possible.

Today, it's not a matter of if a cyber breach will occur — it's a matter of when. Preparation and vigilance are vital to protect your business, your employees, and your customers. Learn more about cybersecurity risks for retailers below, as well as critical strategies for prevention.

7 cybersecurity risks for retailers

In Canada, 21% of businesses have experienced a cybersecurity incident that affected operations.1

These seven risks can affect retailers from a financial, operational, and customer experience perspective.

1. Online refund fraud

Perpetrators create a fake receipt, claim ordered goods never arrived, or use a stolen credit card for an online purchase — then request a refund or exchange.

Financial & operational impact
  • Financial loss
  • Loss of goods
  • Lost staff time
Customer experience impact
  • Inaccurate inventory
  • Potential stock-outs

2. IoT devices/retail hardware

Hackers gain access to connected retail hardware (order shipment trackers, inventory management software, etc.) to infiltrate a retailer’s system.

Financial & operational impact
  • Network/system exposure
  • Business/product information breach
Customer experience impact
  • Inaccurate inventory
  • Customer data exposure
  • Negative branding/consumer mistrust

$81 is the average cost per compromised record of a data breach in Canada.2

3. Third-party vendors

Fraud or cybersecurity breaches occur with vendors who provide operational/digital services, which then compromise a retailer’s systems. In some cases, phony vendors target retailers.

Financial & operational impact
  • Financial loss
  • Reputation damage
Customer experience impact
  • Customer data exposure
  • Poor shopping experience if in-store systems are affected

4. POS skimming

Perpetrators use point of sale (POS) machines to copy customers' debit or credit cards. Malware or fraudulent POS machines may be used.

Financial & operational impact
  • Reputation damage
  • Business and IT disruption
Customer experience impact
  • Exposed banking information/theft
  • Customer mistrust

5. Phishing/spoofing attacks

Cybercriminals impersonate a retailer, customer, or supplier and email phishing links to employees and customers to steal money or implant malware. This is especially common during the holiday shopping season.

Financial & operational impact
  • Financial loss
  • Business and IT disruption
Customer experience impact
  • Customer data exposure
  • Poor shopping experience due to ensuing security measures

30% of phishing emails get opened.3

6. Gift card hacks

Perpetrators tamper with gift cards or use bots to crack the combinations, and use them to make purchases.

Financial & operational impact
  • Financial loss
  • Reputational damage
Customer experience impact
  • Customer data exposure
  • Poor shopping experience

7. Mobile app hacks

Hackers target vulnerabilities in a retailer's mobile app to gain control of it and potentially access confidential business or customer information.

Financial & operational impact
  • Compliance penalties for loss of customer information
  • Financial losses to repair mobile app
Customer experience impact
  • Customer data exposure
  • Poor shopping experience

150M users were affected after the breach of a U.S. retailer’s mobile app in 2018.4

How can retailers protect against cyberattacks?

A cybersecurity program is no longer a nice-to-have; it’s a business essential for all retailers, but it’s not easy to do alone. The BDO team can work with you to assess your cybersecurity vulnerabilities and create a proactive plan that includes:

  • Strong returns policies and security policies
  • Employee training on cyber threats and information security
  • Financial audits
  • IT controls audits
  • Vulnerability assessments
  • Social media audits
  • Penetration tests
  • Privacy audits
  • Vendor risk management audits
  • Payment Card Industry Data Security Standard (PCI-DSS) assessments
  • Cyber crisis management and recovery plans

Contact us today for a cybersecurity review
