From cash management to surveillance to data security, protecting c-stores from all areas of theft is a nonstop commitment.
By Brad Perkins, Contributing Editor
Do you know how secure your convenience stores are? Surveillance cameras and secure cash storage keep stores physically safe, but to be fully secure, retailers also need to think about point-of-sale and back-end data security. And keeping your stores safe is a full-time job.
Theft doesn’t only happen when a robber walks into a convenience store and announces a robbery. It can be silent, behind-the-scenes or hidden in plain sight. While cash thefts still occur, thefts from credit card readers and internal data servers are on the rise.
CURBING CASH THEFT
“On a per transaction basis, cash remains the cheapest, fastest and most popular way for retailers to accept payment, representing an important opportunity for retailers,” said James Harris of Volumatic, a sponsor of Retail Knowledge’s “U.S. Retail Fraud Survey 2015,” which reported that cash thefts from U.S. retailers increased 8% year-over-year. The survey also found the number of stores using secure cash storage systems at the point of sale (POS) dropped by 2% during the same period.
The opportunity Harris is referring to is implementing intelligent cash handling systems and practices to reduce cash theft. Using time-lock safes to manage cash handling as well as video cameras inside and outside the store can help reduce both internal and external theft risk while simultaneously helping solve crimes.
Video technology can be both a deterrent and an informant, making it essential for keeping stores safe and deterring crime. Upgrading credit card machines to accept chip cards and taking mobile payments also can lead the fight against theft.
“Don’t fight the idea of smartphones being used to pay,” said Daniel Burrus, CEO of Burrus Research Associates, which monitors global advancements in technology. “Instead of fighting the future, realize why it is the future. We’re getting rid of the incentive for the crooks—that’s the thing the crooks hate the most.”
SKIMMING DATA AND PROFITS
Despite its increase, cash theft is not the biggest threat—it’s data theft, and it can affect your store, your brand, your employees and your customers. While technology has increased the safety of customers, employees and store data, it has also increased the opportunities for theft as thieves look to use data hacks and skimmers to steal credit card and other identifying information. And it’s easier than you think.
“The most common way credit card data is taken at fuel sites or oil companies is through skimming,” said Russell Gibson, manager of marketing technical services at Sinclair Oil Corp.
Some industry experts agree.
“We’re more susceptible in skimming and the prevalence of card readers at the dispenser than others,” said Ed Collupy, executive consultant at W. Capra Consulting Group, a technology, payment and security firm. “Preventions are visual, where you ask the manager to go out each day when they’re cleaning up to check equipment in the forecourt. Look where someone could have accessed and manually check if another device has been added to it.”
Teaching employees what to look for and enlisting the help of managers, cleanup crews and technicians who have access to the forecourt and ATMs can prevent data breaches.
“Most security breaches are from a store’s own employees,” Burrus said. “That doesn’t mean that they’re evil, it means they don’t have a good sense of what security means and what best practices are.”
IN THE CLOUD
At the point of sale and in the back office, “keeping an eye on it” takes on a different, but no less important, meaning.
“Data sources are myriad—and include loyalty systems, POS systems, customer email lists, social media engagement campaigns and many more,” said Jeremie Myhren, vice president of IT for Road Ranger. “Securing that customer data continues to be a challenge.”
And it’s a challenge that owners and operators must embrace because hackers generally take advantage of the easiest entry point. The first step in securing data is to collect only what you need and to allow access only to those who need it.
“For the data retailers do wish to capture and preserve, they should consider employing best practices like full database encryption and irreversible salting and hashing of sensitive data (social security numbers, driver’s licenses, account numbers, passwords),” Myhren said.
The good news is that securing the data is easier than ever, and while hacking threats increase, so too do the options for security.
“Security is evolving; an important technology gaining more traction in our space is the use of whitelisting in the place of traditional antivirus,” Myhren said.
Whitelisting is the opposite of antivirus: it lets in only what has been approved, such as approved e-mail addresses, rather than trying to block everything known to be harmful. Using cloud-based security rather than storing data on an internal server also helps, both by removing the data physically from the store and by relieving the store of the burden of old-fashioned systems whose clunky software contains vulnerabilities that can be difficult to fix.
“We use the standard systems by Wayne, Gilbarco and Verifone along with Pinnacle, Fiscal, Radiant and Petrovend,” Gibson said. “We have used the Internet for over a decade to transport credit card data. Many manufacturers today are incorporating the firmware that was in the Datawire device directly into the POS system eliminating the extra hardware. Certain systems are required to have a managed firewall, others have a compensating control for firewall that is certified and accepted.”
No matter whether you’re a large chain with a massive in-house IT department or a small shop setting up security protection with a cloud-based provider, security does not have to be an expensive process.
“The beauty is that because we can virtualize hardware and software and services and sell them per user, you don’t need to have an IT department. You can have full access to a multimillion-dollar IT department using a service like Salesforce,” Burrus said.
Realizing that the investment benefits everyone, that customers understand and appreciate the effort and that back-end security is as important as cameras, safes and pump locks will yield results.
“Technology adoption is always rooted in a strong business case,” Myhren said. “Retailers should engage a strong security partner or invest in developing information security discipline in-house. Take a more holistic view of enterprise security and then certainly the pieces will fall into place. Know what data is sensitive, make sure you’re collecting only what you need and ensure you have restrictions set up around that data for need to know purposes only. Be diligent in defining your core requirements up front, at the most detail possible.”
Because when the cameras are set up, the safes are locked, employees are watching out for skimmers as well as shoplifters and your silent technology partner is blocking intrusions that could lead to an embarrassing and costly data breach, you’ll be assured your store is properly protected.
“The key is instead of thinking this is a hassle, realize you don’t want to get hacked in the first place,” Burrus said. “We’re taking away the whole incentive to hack us altogether, which is what you want to do—there’s nothing to steal.”