Why retailers need to collaborate against cybercrime

Why retailers need to collaborate against cybercrime

2023 saw a new record for UK retail, and not a good one. Over 16 million shoplifting incidents were recorded last year. This is more than double the year before, costing retailers £1.8bn—the first year losses have topped £1bn.

So how can retailers stop shoplifting? There are lots of things they can do as individuals. More in-store patrols, CCTV, and security tags can all help. But if reports are to be believed, it’s not just opportunistic shoplifting that’s on the rise. Organized theft is much more common too, where rather than a single person surreptitiously hiding an item, gangs will target a store and sometimes strip it nearly bare.

The problem is so bad that the government and police have stepped in, with an initiative they’ve codenamed “Pegasus”. By coordinating reports of shoplifting and use of police databases, the idea is to collect enough information that the police can target organized crime gangs and shut them down.

Alarms and security tags might deter the casual shoplifter, but preventing organized gangs need collaboration. Online retailers should take note.

Roman Faithfull

Cyber Intelligence Lead, Cyjax.

Keeping the lid on cybercrime

It’s understandable for businesses of any sort to keep quiet about the cybercrime they experience. No business wants to advertise it is vulnerable to attack, as to do so may invite further attacks. Companies want to keep their reputation intact, and don’t want people to ask if they can be trusted after a hack. While there may be regulatory disclosures that can’t be avoided, many businesses will do all they can to keep cybercrime quiet.

This is even more true of customer-facing businesses such as online retailers. Whatever the reality of embedded payment gateways, secure customer authentication, and PCI compliance, customers look to online retailers to keep their data safe. If they feel that a site is compromised or a regular victim of cyber attacks, it could affect customer loyalty—or even customers visiting in the first place. It’s not a misplaced fear. One survey found that 59% of consumers would stop shopping at a retailer if it was the victim of a cyber attack.

There is undoubtedly a problem with unreported cybercrime, but it’s obviously tough to pin down and numbers are hard to come by. One survey of consumers found that only 16.6% of fraud is reported, and while that’s tough to translate directly to retailers, it does suggest that there is a reluctance to report cybercrime where it can be avoided.

Honesty and collaboration

What are the cybercrimes most affecting online retailers? Beyond the attempts to infiltrate systems, as with any business, there are also account takeovers, ransomware, card cracking, and other payment fraud attempts. There are also more sophisticated attacks that involve buying out limited stock using bots and reselling on third-party sites.

What these attacks have in common is organization—either it’s a group using tools to target online retailers, or selling access to tools to do so. For example, many account takeovers use “combo lists” of emails and passwords stolen from elsewhere, making anyone who reuses a password vulnerable. Card cracking is the use of lists of payment card numbers to do the same. This information is stolen and sold on dark web sites, often by professional hacker groups. Many sophisticated attacks use bots, created by organized gangs who either use them or rent them out. Ransomware attacks are launched by groups who often boast about their success.

Organization means a need for structure and communication, most commonly on the dark web. The relative secrecy and anonymity these groups can enjoy in this space—not to mention its safety from law enforcement—means plans can be discussed relatively openly, and attacks can be launched without warning.

We can’t expect a retailer to have eyes on all of this activity. But what they can do is collaborate. Being open about the cyber attacks they are experiencing can give others insight into what they might be missing, or may soon expect. Working together on ways to share intelligence, both internal and external, means every business will be better prepared.

When a retailer suffers a cyber attack, a very reasonable response is to think: I’m glad it wasn’t us. But a better response is: what happens when it is us? Just as retailers are working together to stem the tide of shoplifting, they need to collaborate to beat the gangs that do the same online.


This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro


Roman Faithfull

Leave a Reply