The first-ever JCK Virtual show, which runs through Friday, hosted a JCK Talks session on Tuesday that tackled cybersecurity.
DJ Murphy, editor-in-chief of Card Not Present, moderated a discussion with John Kennedy, president of the Jewelers’ Security Alliance, and e-commerce security expert Brittany Allen from security software company Sift.
Here are some highlights from the conversation:
++ Discussing how retail crime has changed over the past decade, Kennedy said, “It used to be people would make telephone calls to have you ship product to them. But in more recent years, it’s emails attempting to have merchants send product. In our industry, the crimes are usually intended to separate retailers from product, as opposed to money. They’re trying to get the diamond from you, the watch from you, the jewelry. There’s all kinds of…impersonating a client or prospective client. What we haven’t seen so much of…is people trying to penetrate systems. We see domestic criminals who are pretending to be someone.”
Allen added, “There are so many more options and alternatives for the card-not-present crime now. As people have become more comfortable with buying things online, all of that has created more opportunities for the fraudster to choose [ways to commit crimes]. And if they find something that works on one website, they won’t hesitate to try it on another.”
++ Talking about industry crime during the COVID-19 pandemic, Kennedy said “so many businesses were closed completely…we haven’t see a huge explosion of online fraud as a result of this.”
Allen added, “I heard there’s less fraud being seen in the jewelry vertical” and noted that attempts to defraud have become more long-term. “We see some fraud attempts done by people who put a lot of time and effort and work into the social engineering of pulling off their scheme. One fraudster we saw took four months speaking to a customer service rep to [pull off the crime].”
++ The COVID-19 store closures have given indie retailers more time to study transactions, Kennedy said, adding, “The little guys today have so much time—they’re not getting hundreds of transactions, and they have time to look over each one. There was one big [crime] that happened at Claire’s stores. They had a big cyber penetration…they got names and credit card numbers. That was the major one we’ve seen recently.”
Still, Allen stressed that indie retailers should be wary of cyber criminals: “There’s a big misconception that fraudsters won’t go after the little guys. But they will try to find any opportunity they can.” She added that it’s not a question of if a small retailer will be hit by crime, it’s a question of when. “If you’re ready in advance as much as you can be,” she said, “you’ll be able to deal with it.”
++ Both panelists conceded that it can be frustrating for small business owners dealing with law enforcement in the aftermath of a crime. Kennedy noted that the dollar amount stolen plays a big part in how much time police can expend on any given case. He explained, “Fraud cases are very tough cases and they take a lot of manpower…if someone is losing $1,000, I don’t know if [police are] going to put a lot of manpower behind that.” But when expensive jewels or gems are stolen, he says the Jewelers’ Security Alliance “can usually help people [connect] with friends we have in the [FBI]—and we know that some units will pursue this.” He added that the volume of fraud activity across all industries is so huge, “there’s just no way law enforcement can pursue every claim.”
++ Discussing how small and midsize retailers can protect themselves from fraud, Kennedy said, “The jewelry industry has been a little behind the curve in terms of technology. At the bigger firms that have good capitalization, they’re spending good money on security. For the smaller company and smaller retailer, it’s really on the back burner. They don’t do that much, and they don’t see it as important as they should. There’s a problem and there’s a lag there, and retailers need help. It’s not something they can do themselves. We hire consultants to take care of [our security] at JSA.”
Allen added that connecting with others in the industry to share information “is one of the best ways to protect yourself.”
Follow me on Instagram: @emilivesilindFollow JCK on Instagram: @jckmagazine
Follow JCK on Twitter: @jckmagazine
Follow JCK on Facebook: @jckmagazine