Technology

21 digital security tips for retailers

TechnologyApr 30, 2014

21 digital security tips for retailers

With the recent data breaches impacting major retailers and web security issues stemming from Heartbleed, National Jeweler takes a look at what jewelers can do to protect their customers. 

050114_Heartbleed-Article.jpg
Heartbleed, a security flaw in OpenSSL, a cryptographic library used to secure a large percentage of the Internet’s traffic, is the latest threat to private consumer data.

New York--The past six months have been rough for the security of private consumer information.

Target and Neiman Marcus both fell victim to massive data breaches, leaving millions of customers vulnerable. The web world was thrown into further turmoil with news of a massive security flaw in OpenSSL, the security software used on about two-thirds of all servers on the Internet.

Though no cases have yet been reported of the flaw, which is called the Heartbleed bug, being used to obtain information, its potential reach is troubling, allowing for the removal of personal and financial information without anyone’s knowledge. 

Retailers are responsible, from many standpoints, for making sure they’re doing everything they can to protect this information.

National Jeweler talked to a number of security experts--Matt Boaman of EZSolution, James Koons of Listrak, Chris Kronenthal of FreedomPay, Andrew Van Noy of Warp 9, Aaron Janowski of Wellsley Consulting and consultant to the Jewelers’ Security Alliance, and Zilvinas Bareisis of Celent--to compile the following list of tips for retailers to secure their customers’ information.

1. Monitor the information. The Heartbleed bug is invisible, so no one can establish ahead of time what information has already been compromised; instead, jewelers should be monitoring for any signs that it has been. The monitoring and response plan is key to being able to show that the company is taking all reasonable steps to keep secure the personal data that is processed.
2. Test the site. This site provides a place to plug in URLs to check if a website is vulnerable to the Heartbleed flaw.
3. Fix the problem. Contact the web host to ensure that if the web server was running one of the vulnerable versions of OpenSSL, they have updated it or patched it right away. Once that’s finished, get a new key for the site’s security certificate.
4. Communicate with customers. Advise customers not to log into the site until it’s been fixed. Once it has, tell them to reset their user passwords if they have an account through the website. They shouldn’t do so before it’s been fixed as that could open them up to more vulnerability.
5. Don’t store unnecessary information. Don’t keep any unnecessary information on a server that doesn’t need to be there. Instead, encrypt the information before sending to a credit card processor.
6. Plan ahead. Consider getting involved in organizations like the Online Trust Alliance, which advocates

that every organization handling customer data create a data management strategy and incident response plan that evaluates data from acquisition through use, storage and destruction. To help with a preparedness plan, the OTA publishes the Data Protection & Breach Readiness Planning Guide, which is updated at least every year and is available for free download here.

Data breaches also continue to be top of mind, as companies work to make sure they’ve secured their payment systems after millions of customers’ information was stolen from Target and Neiman Marcus. Target recently named a new chief information officer and security updates to show consumers it’s taking steps to protect them.

RELATED CONTENT: Target hires new CIO, announces security updates

These breaches can have numerous negative effects for a retailer.

“Whether the result of an online attack, in-store breach, internal theft, malware or accidental loss of data incident such incidents can have significant financial impact and can have devastating consequences on the value of a company’s brand,” said Koons, who is chief privacy officer at Listrak.

The National Retail Federation has since been urging Congress to overhaul the nation’s credit and debit card system, saying that banks’ insistence on a signature instead of a personal identification number, or  PIN, puts customers at risk. The organization is also urging the card industry to switch to new chip-and-PIN cards, much as Target is doing now, which would require use of a PIN instead of the signature.

There are a number of steps that jewelers can take to prevent a data breach.

1. Check the connection. Make sure that the merchant account with the banks being used to process sales is secure.
2. Check the equipment. Ensure the in-store equipment is loaded with anti-hacking, anti-virus software and/or hardware so that nothing on premises is corrupted, which is usually done by proper firewalls, data encryption and security hardware.
3. Do a double take. Double check with the credit card holder's bank for the validity and security of the credit account being used.
4. Prepare for the possibility. Security threats will always be a possibility, and businesses can’t wait until after it happens to figure out what to do. It’s necessary to have a plan to deal with security breaches and other incidents should it happen.
5. Explore all options. There isn’t one technology that will give all the protection needed against cybercrime. Follow a “layered approach” to security and use a number of tactics, including using EMV, tokenization, point-to-point encryption, and dynamic authentication, among other things.
6. Stay up-to-date.  Make sure antivirus and operating systems are up to date with the latest software updates to provide the best protection against threats.
7. Keep it off-site. Avoid storing data unless absolutely necessary. If it’s necessary, they should follow PCI Security Standards Council guidelines.
8. Be proactive. Ensure cashiers always check the customer’s identification and/or ask for the PIN.

If a data breach should occur, immediate action is necessary to help regain security, preserve evidence and protect the brand. Here are steps to follow within the first 24 hours:

9. Jot down activity. Record the date and time when the breach was discovered as well as the current date and time when the team was alerted to the breach.
10. Secure the site. If a data breach comes from inside the store, secure the premises where it occurred to preserve evidence.
11. Prevent more activity. Stop additional data loss by taking affected machines offline but do not turn them off or start investigating in the computer until professionals are there to help.
12. Take extensive notes. Document everything known about the breach so far, including who discovered it, who reported it, to whom was it reported, who else knows about it, what type of breach occurred, what was stolen, what systems are affected, what devices are missing and any other pertinent information.
13. Interview. Talk to the team members who found the breach and anyone else who may know about it and document it to get all the relevant information.
14. Get professional help. Bring in a forensics team to begin the in-depth investigation.
15. Contact law enforcement. If needed, notify law enforcement after consulting with legal counsel and the entire upper management team.

Brecken Branstratoris the senior editor, gemstones at National Jeweler, covering sourcing, pricing and other developments in the colored stone sector.

The Latest

David Ettinger
IndependentsMar 28, 2024
David Ettinger of Bechdel Jewelers Dies at 69

He’s remembered as a “font of passion,” leaving behind a legacy of dedication to his craft and community.

Jewelers of America logo
IndependentsMar 28, 2024
JA to Host Series of Learning Workshops

The first one will take place next month during the Jewelers of Louisiana’s and Mississippi Jewelers Association’s conventions.

Jaeger-LeCoultre Madison Avenue NYC store
WatchesMar 28, 2024
Peek Inside Jaeger-LeCoultre’s Revamped NYC Flagship

The redesigned boutique features interactive displays and a workshop space for hands-on learning about watchmaking.

Jewelers of America Fly In Washington, D.C.
Brought to you by
How Jewelers of America Represents Your Business

For over 30 years, JA has advocated for the industry, fought against harmful legislation and backed measures that help jewelry businesses.

Asian Star’s diamond manufacturing facility in India
SourcingMar 27, 2024
Compliance, Caution, and Concern: The Current Outlook of Indian Diamantaires

There is a willingness to comply with new government-mandated regulations, with an insistence that they should be practical and realistic.

Weekly QuizMar 28, 2024
This Week’s Quiz
Test your jewelry news knowledge with this short test.
Take the Quiz
Kira Diam solar plant
Lab-GrownMar 27, 2024
Indian Lab-Grown Diamond Manufacturers Keep Growing

A combination of factors is driving growth in the industry despite the precipitous drop in prices across the board.

Bharat Ratnam, a Mega Common Facilitation Centre (CFC)
SourcingMar 27, 2024
Reinvigorating SEEPZ, the Epicenter of India’s Studded Jewelry Exports

The zone’s modernization will enhance and increase India’s jewelry manufacturing capabilities while aiding small and mid-sized businesses.

BTYB-HoBrothers-updated.png
Brought to you by
The Scalable, Professional, and Effortless Solution for High-Demand Custom Jewelry Retailers

Ho Brothers offers scalable solutions for the future of custom jewelry.

SRK Empire and SRK House
Policies & IssuesMar 27, 2024
SRK Exports’ Journey Toward Net Zero Impact

By the end of this year, SRK’s diamond manufacturing complexes will achieve net zero emissions, one of an impressive array of achievements.

Georgia May Jagger Tommy Hilfiger ad campaign
FinancialsMar 27, 2024
Movado’s Full-Year Sales Sink 11%

The company plans to invest $25 million in marketing initiatives to boost awareness around its namesake and licensed brands.

Hand holding shopping bags
SurveysMar 27, 2024
Consumer Confidence Held Steady in March

Optimism about the current state of the economy was offset by anxiety around inflation and the political environment.

Bernadette Mack
Policies & IssuesMar 27, 2024
Mercury Free Mining Hires Bernadette Mack

The former WJA executive director is MFM’s new managing director.

April Is Diamonds Do Good Month
Policies & IssuesMar 27, 2024
Diamonds Do Good Announces Its April Initiative

DDG encourages retailers to educate customers on the positive impact of purchasing natural diamonds.

Tiffany & Co. With Love, Since 1837
MajorsMar 26, 2024
Tiffany & Co. Debuts ‘With Love, Since 1837’ Campaign

Highlighting the most iconic Tiffany collections, it’s inspired by the company’s late window designer, Gene Moore.

National Jeweler columnists Duvall O’Steen and Jen Cullen Williams
ColumnistsMar 26, 2024
Creative Connecting: AI Tools and Tips for Social Media

Jen Cullen Williams and Duvall O’Steen explore how jewelers can save time and money by using AI to analyze engagement and create content.

Nordstrom Men’s Store New York City
MajorsMar 26, 2024
Nordstrom May Go Private, Says Report

The retailer previously turned down an $8.4 billion offer in 2018.

Interior of Miami Lakes Jewelers
IndependentsMar 26, 2024
Miami Lakes Jewelers to Close After 37 Years

The Florida store’s owner Miguel Gonzalez is retiring.

 International Gemological Institute
GradingMar 26, 2024
IGI Announces Tech for ID’ing Lab-Grown Colored Diamonds

The lab stresses the importance of accurate identification, as the difference in price is “substantial.”

Kendra Scott lab-grown diamond jewelry
CollectionsMar 25, 2024
Kendra Scott Debuts Lab-Grown Diamond Fashion Jewelry

The brand also plans to expand its retail footprint from 138 to 200 stores over the next three years.

Instappraise logo NAJA logo
Events & AwardsMar 25, 2024
NAJA, Instappraise Offering Scholarships for Aspiring Jewelry Appraisers

One is reserved for a NAJA member, the other for a non-member.

Carie Lehrke and Megan Mattice
MajorsMar 25, 2024
Borsheims Announces New VP of HR, Assistant Manager

Longtime employees Carie Lehrke and Megan Mattice have received promotions.

My Next Question graphic vintage jewelry webinar
Recorded WebinarsMar 22, 2024
Watch: How to Buy and Sell Vintage Jewelry

Three guests joined National Jeweler and Jewelers of America to discuss trending time periods, spotting reproductions, and more.

Chris Clipper and Robert Lepere
MajorsMar 22, 2024
David Yurman Announces New CFO, Chief People Officer

Chris Clipper and Robert Lepere join the company with 50 years of combined experience.

Nakard pyrite earrings
CollectionsMar 22, 2024
Piece of the Week: Nakard’s Pyrite Earrings

The trendy, metallic earrings wink at classic spring colors.

Stock image of police cars with their lights on
CrimeMar 21, 2024
Sparks Fly as Burglars Lose Safe on California Freeway

JSA said a man and woman pulled the safe out of an Oakland jewelry store but couldn’t quite get it into their van.

Grizzly Mining rough emeralds
SourcingMar 21, 2024
Grizzly Sells 4,145-Carat Emerald for Over $1M

The miner’s March auction generated $19 million.

Helen McCluskey
MajorsMar 21, 2024
Signet Jewelers Names New Board Chair

Helen McCluskey will succeed H. Todd Stitzer when he meets his 12-year term limit in June.

×

This site uses cookies to give you the best online experience. By continuing to use & browse this site, we assume you agree to our Privacy Policy