Do you have concerns when it comes to online shopping? You’re not alone. With all of the big retailers that have announced security breaches in the past year, it’s easy to be paranoid when it comes to giving up sensitive bank account data and other personal records. However, the majority of these breaches did not involve online shopping.

Let’s take a look at a few incidences that impacted really well-known retailers recently. Supervalue Inc. (SVU) which runs Albertson’s grocery stores announced in August of this year that, “it experienced a criminal intrusion into the portion of its computer network that processes payment card transactions for some of its retail food stores, including some of its associated stand-alone liquor stores.” The breach was isolated to point-of-sale systems (POS) in-store and was not detected for almost a full month. An additional intrusion was discovered in the form of installed malware, again only impacting POS systems.

SVU took immediate steps to mitigate the damages and dutifully notified the public as well as providing resources for customers to monitor their accounts.

The massive data breach of Home Depot was not handled as smoothly during their crisis. Yet again, the compromise only impacted brick and mortar stores. Their online presence, was unaffected although they received some harsh criticism in the press for seemingly aloof responses from leadership. The hackers gained access to their internal structure through an outside vendor’s system credentials. The insidious nature of smart hackers is, once they gain access, they will systematically create back doors within the system so they have a point of reentry even if they are detected.

As recently as December 5th, 2014, Bebe clothing store announced a security breach, again, limited to in-store purchases, not online purchases. Little has been released as of yet but the infiltration was in progress for almost 3 weeks of the holiday purchasing season.

Why are brick and mortar stores more susceptible to security breaches? According to Ken Coburn, founder and CEO of Data Doctors, “stolen online credit-card information only can be used online, while the data stolen a cash registers allows criminals to create counterfeit credit cards that can be used anywhere.”

Often, the criminal will purchase gift cards and items that can be resold quickly on sites like eBay and Craigslist. Purchasing an expensive item online often requires that the shipping address is the same as the billing address and not very many thieves want to camp out on their victim’s porch waiting for the mailman to arrive. Even the savvier minded criminals that use a “drop house” must still employ mules to move the merchandise once it’s delivered thus cutting down on the profit.

Is it totally safe to shop online? Of course not, any arena where a lot of money is to be made will remain vulnerable, but the public seems to have become slightly desensitized to the entire problem presented by data breach. According to a recent article on by Daniel Humphries, the half-life of the negative pallor cast upon retailers that are subject to hacks is greatly diminishing. In fact, the massive eBay breach exposing 145 million user records in May of this year is hardly remembered. 77% of survey responders were not even aware it happened. Were you?



Leave a Reply