Business Trends


10 04 2016

10 04 2016

The Need For Robust Cybersecurity In The Retail Industry

The only thing spookier than the upcoming Halloween season is the cyberthreat landscape facing modern retailers.

In the past 12 months, cyberattacks have rattled retailers big and small – but especially small. According to research from First Data, 90 percent of cybersecurity breaches impact small businesses. The average cost of these breaches is $36,000, but can reach as much as $50,000.

But wait, it get’s worse …

While holiday seasons (Halloween, Thanksgiving and Christmas) are certainly times of plenty for retailers who play their cards right, they also have the potential to go horribly wrong. The reason, according to DARKReading contributor Sara Peters, is that the spike in commerce draws just as much attention from hackers and fraudsters as it does from shoppers. Some of the potential threats that retailers need to look out for year round, but especially during the holiday seasons, include the following:

  • Point-of-sale malware: There are so many devastating strains of POS malware (CherryPicker, Abaddon POS, CenterPOS, RawPOS, BlackPOS – the list goes on and on), and only so much that can be done to stop them from scraping away at your customers’ payment card data. If you haven’t deployed EMV card readers, we highly encourage you to do so. While they won’t necessarily guarantee the security of your customers’ payment data, they’re inherently more secure than magnetic stripe processors, and they will shield you from liability.
  • Unauthorized endpoint access: During the mayhem that is Black Friday or the weekend before Christmas, shoppers will be busting down the doors, requiring stores to keep all hands on deck. During this time, it’s essential that all store endpoints (i.e. computers, mobile POS terminals, etc) are safeguarded. All it takes is one bad actor with a malware-filled flash drive getting too close during the chaos to send your entire IT environment crashing down.
  • POS skimmers: More or less, these are exactly what they sound like. Often, companies that market second-hands, users or bargain card readers will end up selling you rigged payments processors, which means it’s in your best interest to fights off the urge to be overly frugal. Unfortunately, not even that can protect you. Some of these nasty little devices can be installed in mere seconds, according to security reporter Brian Krebs. He added that these types of skimmers are “an enticing buy for a crooked employee.” What better time to start gathering payment data than during the holiday rush?
  • Ecommerce fraud: It’s not just your brick-and-mortar assets that are in jeopardy. Hackers have been known to use a clever tactic called a SQL injection to exploit weaknesses in e-commerce solutions. Basically, cybercriminals enter code into an data input entry fields (which are how customers interact with the website) on an online store as a way of triggering certain commands on the backend that can ultimately be used to establish admin rights. From here, cybercriminals who know what they’re doing can wiggle their way into your company’s databases.
  • DDOS: This stands for distributed denial of service, and it does the same thing to your business’s website that 5 o’clock traffic does to an interstate with two of its three lanes shut down. Using botnets (fake web users), cyberattackers will funnel massive amounts of traffic to an e-commerce platform, basically causing it to crash from too much traffic, resulting in a complete profit standstill. Often, hackers will do this with extortion in mind. Until they get paid, they’ll keep on dispatching their botnets. During the holiday season, especially on a busy shopping day like Cyber Monday, hackers’ work is already halfway done for them thanks to all those bargain hungry web users.

…So where does that leave your small business?

The good news here is that there are plenty of ways to mitigate most of these risks. Point-of-sale malware, for instance, can be kept at bay through frequent system restores of the computers being used as platforms for a POS system.

More importantly, do everything in your power to make sure those POS systems are EMV enabled, even it means having to take out a small business loan. A PCI liability shift that occurred Oct. 1, 2015, changed the rules of the retail game: If your customers’ payment data is stolen as a result of a breach on your system, and you haven’t provided the option of EMV, you’ll be accountable for those losses, and they will hurt.

As for unauthorized endpoint access, properly protect your devices with authentication. Use advanced passwords that incorporate letters, numbers and special characters, and change them once a month or more. Never leave a mobile POS unattended, even for a second. As for POS skimmers, don’t buy cheap payment processors.

And finally, to protect your e-commerce assets, make sure you encrypt all of your website data, all the time. Redundancy (in the form of backup servers) can also help in the event of a DDOS attack. Additionally, be sure to deploy firewalls, web gateways and anti-spam software.

The time to fortify your small business is now. Contact an alternative lender, and get the merchant capital you need to stay safe during the upcoming holiday seasons.


Find Out How Much Funding You Qualify For

Fields marked with an * are required
By clicking this button I agree to all terms and conditions.

Terms & Conditions

General Acceptance

Any applications submitted electronically shall have the same force and effect as if the application bore an inked original signature(s). The above information, together with any accompanying financial statements, schedules, or other materials, is submitted for the purpose of obtaining credit and is warranted to be true, correct, and complete.


US Patriot Act:

To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify, and record information that identifies each person and business that seeks a business loan. What this means for you: When you apply for a loan, we will ask for your business name, address, and Tax Identification Number. We will also ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver’s license or other identifying documents.


For Loan/Merchant Services:

The Merchant and Owner(s)/Officer(s) identified in the application (individually, an “Applicant”) each represents, acknowledges and agrees that (1) all information and documents provided to National Funding, Inc. (“NF”) including credit card processor statements are true, accurate and complete, (2) Applicant will immediately notify NF of any change in such information or financial condition, (3) Applicant authorizes NF to disclose all information and documents that NF may obtain including credit reports to other persons or entities (collectively, “Assignees”) that may be involved with or acquire commercial loans having daily repayment features and/or Merchant Cash Advance transactions, including without limitation the application therefor (collectively, “Transactions”) and each Assignee is authorized to use such information and documents, and share such information and documents with other Assignees, in connection with potential Transactions, (4) each Assignee will rely upon the accuracy and completeness of such information and documents, (5) NF, Assignees, and each of their representatives, successors, assigns and designees (collectively, “Recipients”) are authorized to request and receive any investigative reports, credit reports, statements from creditors or financial institutions, verification of information, or any other information that a Recipient deems necessary, (6) Applicant waives and releases any claims against Recipients and any information-providers arising from any act or omission relating to the requesting, receiving or release of information, and (7) each Owner/Officer represents that he or she is authorized to sign this form on behalf of Merchant.(8) I consent to receive direct mail, faxes, text-messages, and e-mails sent by National Funding and its affiliates for the purposes of transmitting account updates, requests for information and notices, and (9) this request is for business and not for consumer purposes.


For Equipment Services:

I hereby certify: (1) the information provided is true and correct, (2) you are hereby authorized to investigate all bank, credit, and trade references, and said references are hereby authorized to release any requested information to you or your nominee, (3) such authorization shall extend to obtaining personal credit profile in considering this application and subsequently for the purposes of update, renewal or extension of such credit or additional credit and for reviewing or collecting the resulting account, (4) this information may be transmitted by us to you and by you to underwriter(s) for the purpose of granting me credit, either electronically or manually, and that by submitting this application, I take full responsibility for transmission thereof, (5) I am over 18 years of age, (6) I acknowledge my rights under the Fair Credit Reporting Act, (7) I consent to receive direct mail, faxes, text-messages, and e-mails sent by National Funding and its affiliates for the purposes of transmitting account updates, requests for information and notices, and (8) this request is for business and not for consumer purposes.


Text Messaging:

By providing my wireless phone number to National Funding, Inc., I agree and acknowledge that National Funding, Inc. may send text and multimedia messages to my wireless phone number for any purpose. I agree that these text or multimedia messages may be regarding the products and/or services that I have previously purchased and products and/or services that National Funding, Inc. may market to me. I acknowledge that this consent may be removed at my request but that until such consent is revoked, I may receive text or multimedia messages from National Funding, Inc to my wireless phone number.

The Federal Equal Credit Opportunity Act prohibits creditors from discriminating against credit applicants on the basis of race, color, religion, national origin, sex, marital status or age (provided the applicant has the capacity to enter into the binding contract); because all or part of the applicant’s income derives from any public assistance program; or because the applicant has in good faith exercised any right under the Consumer Credit Protection Act. If for any reason your application for business credit is denied, you have the right to a written statement of the specific reasons for the denial. To obtain the statement, please write to National Funding Inc., 9820 Towne Centre Drive, San Diego, California 92121. Funding amount and credit approval is subject to a full credit profile review.