Whitepaper • 05.12.2019

Protect yourself!

8 security best practices for retailers

The retail industry is a favorite target of cyber attackers. Hackers know a successful attack on a retailer can give them access to the data of thousands or even millions of payment cardholders. Cybercriminals can sell that data for a tidy profit to other criminals on the dark web who use it for fraud, identity theft, and phishing attacks. Cybercrime is big business; it’s projected to cause $6 trillion in damages by 2021 to organizations of all types and sizes.

When it comes to cyber threats, retailers have a lot at stake. They operate on thin margins and have to protect their brands. A breach that compromises the private information of customers can erode trust, prompting many to take their business elsewhere. Nineteen percent of consumers in a KPMG study said they would stop shopping at a retailer following a breach, and 33 percent said they would do so temporarily.

APG Cash Drawer

4 The Drove
BN9 0LA Newhaven
More information on each security best practice in the APG whitepaper.
Source: APG

A strong cybersecurity posture, therefore, isn’t optional for retailers. It is an absolute must. Retailers that fail to take proper measures to secure customer data, as well as their own, risk being penalized if a breach is found to have been caused by noncompliance with relevant regulations. For many retailers – especially smaller, independent shops – security is a big challenge because they lack the requisite skills and knowledge, in which case they must seek help from solution providers that can implement security solutions to protect them. A comprehensive retail security strategy (whitepaper) must include the following eight components:

1. POS security

Retailers live and die by their POS systems. Unsecured POS software and hardware such as card readers and receipt printers can cause serious problems.

2. e-Commerce protection

Retailers must protect their online storefronts as zealously as they do physical POS stations. As with the POS, PCI regulations apply to online transactions, so retailers must ensure that they have the proper controls in place to protect web shoppers.

3. User authentication

Reliable user authentication policies are critical in two primary ways: to ensure that internal users follow security protocols and to accurately identify customers. Both require strong authentication practices.

4. Endpoint monitoring

In the past, deploying antivirus (AV) software may have been sufficient to protect endpoints, but that is no longer the case. AV typically focuses only on known threats and cannot defend against newly introduced malware strains. This is why businesses need a combination of 24/7 endpoint monitoring and data analytics to defend against all kinds of threats.

5. Email protection

Many cyberattacks originate with phishing emails, and most ransomware infections start with a user clicking an infected URL or attachment. Phishing works because it preys on fear and curiosity by making emails look like they are coming from a legitimate source and persuading users to click on the URL or attachment.

6. Wi-Fi network/communications

Retailers increasingly offer Wi-Fi connections to customers in stores as a convenience – and to capture customer information for marketing purposes. However, Wi-Fi networks open to the public should be separate from those used for business functions such as inventory, HR, and POS.

7. Surveillance systems

In addition to protecting their digital assets, retailers have to secure physical stores to prevent shoplifting, fraud, and employee theft at the POS. Deploying a surveillance system with CCTV or IP-connected cameras not only helps to secure physical spaces but also acts as a crime deterrent.

8. Business continuity

No security strategy is complete without a business continuity plan. If a business suffers a cyberattack or physical operations are interrupted by a natural disaster, a company needs to resume operations as quickly as possible. A data backup and recovery strategy is central to business continuity plans.


Retailers cannot afford to be lax with security, be it in physical spaces, their IT networks, or websites. It can take a long time to recover from a security breach, especially if customers lose trust in the company. Digital theft, data breaches, and security concerns related to new payment methods erode a consumer’s trust in a brand, making security a business essential.

For more information on these eight tips on security see the complete whitepaper on security best practices for retailers.
