While families around the country are preparing their turkeys, cranberry sauce and mashed potatoes, retail companies are readying their stores and websites for the influx of holiday shoppers. Over the past few years, as online shopping has become a retail mainstay, the peak event of Black Friday has expanded into a week’s worth of shopping activity. 41.4 million people shopped online last year from Thanksgiving Day to Cyber Monday, and the number is only expected to increase in 2019, according to the National Retail Federation.

As consumers embark on their journey to find the best deals on the latest in consumer technology, fashion and appliances, security isn’t often top of mind. While applications have allowed shoppers to have an abundant amount of options at their fingertips, they have become a breeding ground for digital adversaries looking to exploit credit card and personal information from shoppers.

Ahead of Black Friday and Cyber Monday, it is important for organizations and consumers alike to protect themselves from being the victims of cyber attacks. Below, we detail steps organizations and consumers can follow to stay safe throughout the holiday shopping season and beyond.

Organizations need to prioritize application security all year round

Applications are key to driving revenue growth year after year, and retailers cannot produce them fast enough. Unfortunately, with the “need-for-speed” pressures developers face during the application development and deployment cycle, organizations can end up prioritizing the deadline and user experience over the security of the application.

The “window of exposure” metric represents the amount of time that an application has a serious vulnerability that can be exploited, leading to data breaches. Recent data has shown that while the retail industry as a whole has consistently reduced its window of exposure year over year, remediation rates have fallen. That’s a huge concern. Clearly, security is still being overlooked as organizations aim to continue developing new and innovative applications.


By incorporating security into the development process, transforming DevOps (development and operations) to DevSecOps (development and security operations), organizations can open up cross-functional organizational structures and communications to include application security throughout the development process and beyond. DevSecOps seeks not only to lower the number of vulnerabilities but also to shorten the time from detection to fix, which increases remediation rates. A DevSecOps framework provides early detection of threats and vulnerabilities as well as security solution deployment.

Retailers have the opportunity to provide an extra service to their customers by providing a more secure online shopping experience. In today’s world, where one breach can cause extreme reputational losses, retailers differentiate themselves by becoming a trusted security brand.

Consumers need to stay aware at all times

Even when shopping at the most secure organizations, it is important for consumers to stay alert at all times to protect themselves from hackers. When shopping online, consumers need to make sure the site they are purchasing from is sending any credit card or personal information over an encrypted connection. Shoppers can tell if their connection is secure by ensuring “https” is being used. They can tell by looking for the letters and a little lock next to the web address in the browser bar.

Consumers should also weigh payment options before making an online purchase. In the past, retailers have asked for credit card numbers, expiration dates and the CSV number on the back of the card. If a breach occurs, that information can be compromised and used by a hacker to make other purchases. To avoid this issue, more retailers are now using services such as a cash app or Venmo. These apps or services work by paying for items on your behalf. This eliminates the risk of personal card information being insecurely stored on an unknown vendor’s system.

Shoppers should also stay cautious at physical retail locations. Point-of-sale machines can be a target for hackers as well. Since magnetic stripe cards are notorious for being breached, use the chip on cards to create a one-time token between the point-of-sale machine and your credit company. A second safe method of payment growing in popularity is the use of a service like Android Pay or Apple Pay. These work the same way as a chip.


Lessons learned

No matter the time of year, retailers and consumers alike should always consider cybersecurity closely. By following the above steps, both parties can enjoy a safe shopping experience and peace of mind. When cybersecurity is put first, shoppers and retailers can truly focus on the excitement of the holiday season rather than the fear of compromise.

Bryan Becker is the product manager at WhiteHat Security.