Cybercrime is on the rise across the retail and hospitality industries. Back in 2021, even as the retail sector was reeling from the COVID-19 pandemic, cyberattacks on retailers leapt 30% compared to before the pandemic. The number of large-scale data breaches recorded by retailers in the whole of 2022 was then eclipsed in just the first three quarters of 2023.
From the Marriott Hotel Group being fined £18.4m for one of the highest profile data breaches of recent years, to JD Sports suffering a cyber attack that exposed 10 million customer records, there are plenty of examples of retail and hospitality companies being firmly in cyber criminals’ sights.
Yet both sectors have been accused of not taking the risk seriously. A government report found that 58% of food and hospitality businesses consider cybersecurity a high priority, compared to 71% of businesses overall. A study from law firm Irwin Mitchell, meanwhile, found that large retailers referenced cybersecurity in their risk strategies far less frequently than peers in other industries.
This comparative lack of concern overlooks the fact that retail and hospitality businesses have one thing that makes them a very lucrative target for cyber criminals – a POS system. And no, it’s not the fact that POS systems process payments that draws unwanted attention. Payment platforms by law have to comply with the most rigorous security standards.
It’s the fact that, in the quest to gather usable data that helps businesses understand their customers better, modern POS systems gather huge amounts of personal data on customers. This is the prize hackers and digital scammers are after when they target retail and hospitality businesses. And in many cases, the protections businesses have in place aren’t up to scratch.
What are the risks to POS systems?
As time goes on, the tactics used by cyber criminals to hack into company systems get more and more sophisticated, including the growing use of AI tools. But hackers are also able to take advantage of several common weaknesses that arise when POS security isn’t properly managed. These include:
- Out-of-date security: Many businesses fail to keep up with system updates and new security patches, leaving out-of-date protections that are more vulnerable to attacks. This was how the infamous WannaCry ransomware spread, exploiting a vulnerability in older, unpatched versions of Microsoft Windows. A similar attack has recently been discovered wreaking havoc through vulnerable Windows drivers, mostly in China.
- Poor authentication controls: From WiFi routers to self-service kiosks, public-facing touchpoints in a business can provide easy entry points for cybercriminals if they don’t have robust enough authentication controls managing access to other parts of the system.
- Fragmented technology stacks: For larger businesses running POS systems at multiple locations, a big problem is that there might be a lot of different devices and software connected together, but without an overarching security strategy. This inevitably leads to inconsistencies in protection, and cyber criminals are masters at finding and exploiting gaps.
- Loyalty scheme fraud: Finally, while hugely beneficial to businesses for customer retention and maximising lifetime customer value, loyalty schemes have become a particular target for cyber crime. This is partly because the schemes involve holding detailed sets of personally identifying data on every participant, which is very attractive for anyone involved in identity theft. And criminals can also exploit the schemes themselves for direct financial benefit, such as fraudulently claiming rewards on fake accounts.
Given the level of risk and the number of vulnerabilities, customer-facing businesses simply must take POS security seriously, or risk considerable financial and reputational damage. In our next blog, we’ll look at what you can do to improve protection for your POS systems.
To find out more about our POS range, contact the Oxhoo team today.