Securing Retail and POS Endpoints Efficiently
With physical retail re-opening, large retailers with hundreds or thousands of locations are rethinking their security strategies, especially when it comes to Point-of-Sale (POS) systems.
Retailers need reliable, resilient networks, as downtime leads to slow checkout lines and unhappy customers.
An estimated 1 out of 3 shoppers will leave if they must wait more than 5 minutes, and some will never come back, according to CompuCom’s Beating the High Cost of Retail Technology Downtime.
When networks are brought to their knees, including as part of ransomware threats, the effects are catastrophic, leading to missed sales and issues with inventory databases, security systems, point-of-sale systems, and even digital signage.
Every outage impacts hard-won customer loyalty and employee productivity and can level major blows against brands (for example, the massive Target hack, which resulted in millions of customer records being compromised).
According to ITIC’s 2017 Reliability and Hourly Cost of Downtime Trends Survey, 98% of businesses with at least 1,000 employees say that, on average, a single hour of downtime per year costs them more than $100,000.
A stunning 33% report that an hour of downtime can cost their company over $1 million.
Another study, The Cost of Downtime: Beyond the Bottom Line, surveyed retail managers and supervisors regarding business productivity and sales related to connectivity.
Here are a few of the findings from that study:
- 81% have downtime at least once a year
- 87% must wait up to 4 hours for support after an outage
- 61% cannot process credit cards during an outage
- 82% report that network downtime leads to negative customer reviews
- 36% believe they are more vulnerable to security breaches during an outage
Add to this the mandate for digital transformation, which brings “bricks and mortar” retail closer to eCommerce with a cross-over of customer data being collected to provide personalized services, including shopping recommendations.
This is causing retailers to move more to cloud services, with software-defined wide-area networking (SD-WAN) replacing expensive, locked-in MPLS contracts and offering more flexibility and control at lower cost.
While connectivity continues to improve with greater bandwidth available at more affordable prices, the last mile problem continues to challenge retailers.
The last mile is the final segment of the IP network that connects retail stores, data centers, distribution centers, and supply chain partners and has proven to be the weakest link in the chain for decades.
Last-mile bottlenecks can leave retailers exposed to attacks that make uninterrupted Internet connectivity impossible, especially when it comes to security.
We caught up with Chris Swan, Chief Revenue Officer at Dispersive, about the challenges they are seeing in the payments and financial services industries.
“The attack surfaces for both physical and digital retail point-of-sale and e-commerce industries are growing,” Swan said. “We’ve seen that with breaches of top retailers in the U.S. including Macy’s and Target, when adversaries were able to steal customers’ personal and payment information, exposing hundreds of millions of customer records. Cybersecurity is higher on the C-suite’s list of priorities than it has ever been, standing alongside another high priority – customer experience.”
Swan said most POS and e-commerce payments system attacks could be avoided, including by moving beyond traditional VPNs to security embedded in networking that leverages the scale and resilience of the Internet while also ensuring private IP networks are, in fact, private.
“Today, we can speed up the performance of payment systems networks, while we make them more secure, including preventing Man-in-the-Middle attacks, so data in motion is also protected,” Swan said. “Having every POS endpoint registered to the network, and every employee device registered to the network means retailers have greater visibility and control, which legacy approaches don’t provide.”
Swan explained that true point-to-point encryption and programmable capabilities associated with software-defined networks are available at costs lower than traditional MPLS and VPN networks, which have been part of the payments industry’s fabric for decades. “We see Gartner’s SASE approach as a breakthrough for the financial services industry, including retail POS and e-commerce,” Swan said.
Secure access service edge, or SASE (pronounced “sassy”), is an emerging cybersecurity concept that Gartner described in the August 2019 report, “The Future of Network Security.”
SASE is the convergence of WAN (wide area networking) and Network Security Services into a single, cloud-delivered service model.
Instead of managing network and security separately, SASE simplifies and unifies these efforts while solving the scaling, security, flexibility, performance, and cost containment challenges networks and enterprises will face while attempting to manage the explosion of data, computing, people, groups (branch offices), applications, services, IoT systems, and edge computing entities accessing their digital assets from any device on any network, public and private.
Swan also touched upon the importance of compliance with the Payment Card Industry Data Security Standard (PCI DSS) across all card readers, networks, routers, servers, online shopping carts, and more. The PCI Security Standards Council suggests companies actively monitor and take inventory of IT assets and business processes to detect any vulnerability.
“Like every industry, physical and digital retail is changing, and top companies are finding ways to converge their investments in technology and security with their investments in providing great experiences to customers, including faster check-outs as generations of customers are demanding instant gratification,” Swan said. “With the right secure networking strategy and technologies in place, retailers can bring greater assurances that their customers and their businesses are secure at the evolving retail edge and that adding security doesn’t mean slowing down service – in fact, both can be achieved in parallel.”