Small Merchants – Voted most likely to help a cyber-criminal get ahead

It’s time for back to school and we are reminded that any type of group has a natural or created hierarchy. The 8th graders looking down upon the new 6th graders trying to navigate their way in their new surroundings in middle school, while the 8th graders already know all the short cuts and tips and tricks.  The recently unsealed indictments connected to Albert Gonzalez and other cyber thieves continues to shed light on how cybercriminals work in orchestration toward payment fraud and trends that they too have an organizational hierarchy.

  1. Unlike the movies, there is no one cyber-villain who masterminds an end-to-end plan for payment fraud and scopes which business to attack.
  2. Even within cyber-criminal circles there are specialists of varying skills. They too work and trade information on how to advance their careers with the desire to work with the elite of their industry.
  3. When possible the top groups push-down less attractive tasks to other groups, these groups may lack the sophistication but they have desire and drive to succeed.


Your business is not a necessarily a target; you are most likely just a number in the crowd of potential wins for the next wave of eager criminals who have something to prove. With information and guidance from others in their industry, easy-to-use automation tools to identify prime victims, and cybercrime-as-a-service offerings they have all the tools to succeed if there is an opportunity.

Here are some recommendations for smaller merchants that can reduce the chances of them helping a cyber-criminal’s career.

  • Utilize whitelisting as a means to prevent any unwanted software from executing on critical systems, like systems running POS software or customer databases.
    • Whitelisting is simple list of applications that have been granted permission by the administrator to install and / or run. Every time an application tries to run, it is checked against the whitelist and, if authorized is allowed to run.
    • A recent study from IHL, shows the largest retailers moving toward whitelisting as a strategy to secure POS systems, consider following their tracks.
    • Look to your manufacturer for this added-value feature.
    • Your system integrator can help implement it in their store system or you can install it yourself.
  • Look at providing on-going malware protection across all systems that support your business such as McAfee Security-as-a-Service (SaaS) Endpoint Protection
    • McAfee SaaS endpoint protection detects and blocks viruses, spyware, spam, phishing schemes, and hacker attacks. It includes McAfee SiteAdvisor that provides simple Web site safety ratings and a Secure Search box so you can search and surf securely.
  • Whether you manage your website yourself, have it hosted, or completely outsource it, you must ensure that best practices are being followed and that your site has not been tainted or compromised with McAfee PCI certification services.
    • McAfee PCI Certification Service is a cost-effective SaaS that ensures you meet PCI compliance requirements. It provides guidance, real-time analysis of your compliance status, and quarterly automated scanning.

As the 8th graders will relentlessly taunt the 6th graders, getting them to do things they normally wouldn’t. Cybercriminals will do the same – each trying to outdo the other with bigger scams and malware. Continue to improve your business security strategy and diligence, knowing that just as you are looking to grow your clients and customers, cyber-criminals are looking for their next ‘opportunity.’

McAfee Retail Paper Infographic FINAL (2)

 -Kim Singletary

Leave a Comment

twelve + 9 =