Digitolution: Cybercrime in the retail industry

As our society becomes more digitalized, the advantages and disadvantages of this change become more evident.
We’ve discussed the positive impact digitalization on society earlier – social media’s impact on society – but there is also an obvious dark side: cybercrime.

Why is cybercrime possible? The more people use the world wide web, the more sensitive information they are likely to give away online. Most of us, at the very least, do our banking online and share private correspondence with friends, family, and work. Many people do not know how to protect this information, which makes it easy to steal.

In early days of the Internet, we had a distinct separation between ‘real life’ and what we did online. The saying “On the Internet, nobody knows you are a dog” that comes from the iconic cartoon illustrated by Peter Steiner turns 25 next year. It implies that online activities could not be connected to the person behind it.

By now, most of the people are aware that this anonymity is hard to come by. In fact, people that are active on the web have a digital identity that is defined by a collection of information generated by a person’s online activity. There are different forms of digital identities that change depending on the context.

What different digital identities are there?

Most of us know that we are tracked with identifiers. These identifiers can be things like IP addresses, device ID, or cookies designed to reveal information about the browser and other tidbits. Somehow, we’re okay with this; we still feel safe browsing, with our real identity safely kept anonymous.

Aside from being tracked, we actively provide information about ourselves instead. We readily reveal who we are, what we do, what we like. Some of us more are more careful, being on platforms with pseudonyms, but many of us willingly share all kinds of personal information, including photos for the world to see!

While on social media, depending on what privacy settings we put in place, we can protect some of our identity. Most of these platforms are based on an authentication-based identification where people identify themselves and providers verify the users as who they say they are. However, social media profiles or Google Chrome ID’s are usually linked to a real identity, real name and online activities.

For some online activities, our real identity needs to be known and verified. For this, governments and trusted organisations issue electronic identities. People must be able to authenticate and identify remotely via a device to access e-government services such as taxes, banking or medical records.

Why do we create digital identities?

Being online has become a necessity for most of us. This is especially the case since large parts of the society and business have moved online. Some give away their personal data to create digital identities for social reasons, wanting online interactions that are supported by “authentic” identities”. With trends such as the sharing economy, online dating, or car sharing, people assume that the identity of the person they are interacting with has been verified.

Furthermore, administrative bodies such as banking and government agency, but also retailers, are now online too. Lacking an existence in the digital world often means missing out on opportunities.

What are the risks of having a digital identity?

With all the advantages of being present online, this has also opened doors for a thriving “underground industry” – cybercrime.

Anybody online in any form is at risk of becoming a victim of cybercrime.

Cybercrime comes in a variety of forms: online identity theft to create fraud for financial reasons, cyber bullying, social engineering, phishing, hacking, viruses, and so on!

The more digitalized we become, the more traceable digital footprints we leave behind. The more footprints, the higher the risk gets for cybercrime of all forms.

It’s not only individuals that are victims; businesses are online too, and these are at risk as well. According to a study of Juniper research, the continued digitising of people’s lives and businesses will increase the cost of data breaches to $2.1 trillion globally by 2019.

The health care industry, the financial industry, and government store a lot of sensitive data online and thus are particularly interesting sectors for cyber criminals and also attacked frequently. Since these industries started improving their defence and cyber security, criminals are looking around to find other vulnerable industries and they laid eyes on the retail industry.

What kind of cyber crime is faced by the Retail Industry?

Retailers use the Internet for e-commerce, the development of in-store technology, and new innovations in the area of the IoT, big data, and marketing but also the digitalisation of supply chains that often have access to a retailer’s system provide several avenues for cyber criminals to exploit and makes the retail industry an attractive target.

The fact that retailers handle billions of transactions make them vulnerable for financially-motivated cybercrime. Retailers want to provide consumers with great shopping experiences. One of the ways they do this is to offer customers the possibility to create accounts on store websites that save their personal information and preferences. These websites thus become interesting to cyber criminals.

Another way to get to data often used in the retail industry is social engineering. For example, by infiltrating a company’s network and gathering data to target a specific employee, tricking that person to transfer funds.

The industry’s cyber defence is more important than ever as can be seen by couple of high-profile hacking events the industry suffered from in the past years.

According to PWC’s Annual Global State of Information Security Survey, the retail and consumer sector suffered over 4000 security incidents since May 2016, with 16% of the organisations have had losses that are over $1 million as a result.

Many retailers are large companies, and they often are not able to react quickly enough to deal instantly with potential new risks. In addition to this, the industry itself is very labour intensive. They tend to have a diverse employee base, with varying working hours, different regulations, and often a lack of knowledge and security awareness, the perfect ground for social engineering.


This post is brought to you by one of AQ’s Undergraduates, Alexa V. . As part of our internship programs, undergraduates and classic interns are encouraged to take part in company culture. Alexa’s primary focus is in digital marketing.