2023 saw a new record for UK retail sales, and not a good one. Last year, more than 16 million shoplifting incidents were registered. This is more than double the previous year and costs retailers £1.8 billion; losses in the first year exceed £1 billion.
How can retailers stop shoplifting? There are many things they can do as individuals. Increased store patrols, CCTV and security tags can all help. But if reports are to be believed, it is not only opportunistic shoplifting that is increasing. Organized theft is also much more common, where instead of one person secretly hiding an item, gangs target a store and sometimes nearly empty it.
The problem is so serious that the government and police have intervened, with an initiative they have codenamed “Pegasus.” By coordinating shoplifting reports and the use of police databases, the aim is to gather enough information so that police can target and shut down organized crime gangs.
Alarms and security tags can deter the casual shoplifter, but preventing organized gangs requires cooperation. Online retailers must take this into account.
Cyber Intelligence leader, Cyjax.
Keeping cybercrime under control
It is understandable that companies of all types are silent about the cybercrime they face. No company wants to advertise that it is vulnerable to attack as this could trigger further attacks. Companies want to keep their reputation intact and do not want people to ask whether they can be trusted after a hack. While there may be regulatory disclosures that cannot be avoided, many companies will do everything they can to keep cybercrime quiet.
This is even more true for customer-facing businesses, such as online retailers. Whatever the reality of built-in payment gateways, secure customer authentication and PCI compliance, customers rely on online retailers to keep their data safe. If they feel that a site has been compromised or is regularly subject to cyber attacks, this can affect customer loyalty, or even customers visiting the site in the first place. It’s not a misplaced fear. One study found that 59% of consumers would stop shopping at a retailer if it fell victim to a cyberattack.
There is undoubtedly a problem with unreported cybercrime, but it is clearly difficult to identify and figures are difficult to come by. A consumer survey showed that only 16.6% of fraud is reported. While this is difficult to translate directly to retailers, it does indicate that there is a reluctance to report cybercrime where it can be avoided.
Honesty and cooperation
Which cybercrime affects online retailers the most? In addition to the attempts to infiltrate systems, as with any business, there are also account takeovers, ransomware, card hacking, and other payment fraud attempts. There are also more sophisticated attacks that involve buying up restricted shares using bots and reselling them on third-party sites.
What these attacks have in common is organization: they involve a group using tools to target online retailers, or selling access to tools to do so. For example, many account takeovers use ‘combination lists’ of emails and passwords stolen from elsewhere, leaving anyone who reuses a password vulnerable. Card cracking is the use of lists of payment card numbers to do the same thing. This information is stolen and sold on dark websites, often by professional hacker groups. Many sophisticated attacks use bots, created by organized gangs that use or rent them. Ransomware attacks are launched by groups that often brag about their success.
Organization means a need for structure and communication, usually on the dark web. The relative secrecy and anonymity that these groups can enjoy in this space – not to mention the safety from law enforcement – means that plans can be discussed relatively openly and attacks launched without warning.
We cannot expect a retailer to monitor all these activities. But what they can do is work together. By being open about the cyber attacks they experience, others can gain insight into what they may be missing or can expect soon. By working together on ways to share information, both internally and externally, every company will be better prepared.
When a retailer falls victim to a cyber attack, a perfectly reasonable response is to think: I’m glad it wasn’t us. But a better answer is: what happens if it’s us? Just as retailers work together to stem the tide of shoplifting, they must work together to defeat the gangs doing the same thing online.
Clutch!
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro