Retail businesses typically are low-margin operations, which is why they are often loath to invest in new technology for ongoing operations, or add to information security budgets. Two years after U.S. payment card networks shifted fraud liability from issuers to merchants, for example, half of retailers still shoulder the risk by using older, non-EMV payment terminals.
Understandably, retailers want to focus investments in areas that will increase customer engagement, as brick and mortar retailers confront the growing threat of online retailers. According to an annual RIS/Gartner Retail Technology Study, the top-rated challenge among retailers over the next three years is retiring legacy systems.
Retailers are focused on unified commerce, personalized marketing, and customer engagement, according to that same report. That means budgets are going to remain tight for investments in areas that don’t lead to results in these key areas.
Costly bets with aging equipment
But relying on aging, less secure technology could be a costly bet. In fact, many retailers are likely overlooking the security of network-attached printers that could provide unintended gateways into payment networks. And, as the Target point-of-sale (POS) data breach illustrated, any network access is good as gold to a cybercriminal.
According to a report in Krebs on Security, a Target-commissioned report following the breach indicates that “consultants were able to directly communicate with point-of-sale registers and servers from the core network. In one instance, they were able to communicate directly with…