Hackers versus Retailers

How can you protect your customers from identity fraud?

CryptoPhoto - Retail
background © P.Gunther

2014 was a bad year for retailers:

Hackers stole records for millions of customers, exposing those customers to credit card and identity fraud. Customers are angry, many avoiding retailers who failed to protect their data:

  • Home Depot: 56 Million customers’ records stolen
  • Target: 70 Million customers
  • Michael’s crafts: 3 Million customers
  • Staples: 1.16 Million customer records
  • Neiman Marcus: 1.1 Million customers
  • Domino’s Pizza: 650,000 customer records
  • Aaron Brothers: 400,000 customers
  • Bartell Hotels: 55,000 customers
  • Sally Beauty: 25,000 customer records (2nd incident)
  • Bebe clothing: customers in 200 stores
  • Kmart: undisclosed
  • Dairy Queen: customers at 395 stores
  • SuperValu: customers at 180 stores (2nd incident)
  • P.F. Chang’s: customers at 33 stores
  • eBay: 145 Million customers

What data are hackers stealing? And what do they do with it? What happens to a company after a data breach? And how can you protect your company and customers?

What data do hackers want?

Do you keep any of this data on your computer systems? You almost certainly do; it’s hard to operate a business without it:

  • E-mail Addresses
  • Home addresses
  • Credit cards
  • Correspondence
  • Proprietary information
  • Dates of Birth
  • Social security numbers
  • Medical records
  • Bank account details (e.g. billing, online ordering, and payroll)
  • Login credentials
  • Passwords

What do hackers do with this data?

Hackers sell this stolen data to fraudsters on the dark web. What’s the going rate?

Stolen credit card numbers are sold on the dark web for between $6 and $30 each. Bank account details go for about $1,000, depending on the account’s type and size.

But what they do with the other stolen data is far, far worse:

It’s used for “Identity Fraud.” Scammers can use that data – even in part – to fake the customer’s identity to:

Your customer won’t even know this is happening… until the bills arrive. And once they do, it gets much worse:

How Identity Theft ruins lives

Fraudulent credit card purchases are generally refunded, but other creditors are merciless: instead of writing off the debt, they send debt collectors to harass the identity theft victims into paying anyway. And because debt collectors are paid by commission, it makes no difference to them if the debts are legitimate or not. The stories are heartbreaking.

Debt collectors harass victims of identity theft

It can take years for a hacked customer to clear their name, and they are forever looking over their shoulder for new bills and accounts set up in their name.

After a series of high-profile data thefts in 2014, consumers are now well aware of Identity Fraud and it terrifies them. How terrified?

A Chapman University study found 86% of consumers are worried they will become victims of identity theft. Companies who failed to protect consumers’ data are being spurned by consumers. How bad is it?

Hacked Retailers lose the confidence of their customers

US retailer Target was hacked last year, revealing the credit card details of 70 million of their customers. How did those customers feel?

Kim Woods of Oklahoma City hasn’t been in a Target store or shopped on the website since. She's still “angry with them for not protecting my data.”

Tim Boldt of Romeoville, Illinois, also a victim, had a bogus $450 charge on his credit card. The bank refunded it, but Boldt now avoids Target and if he does visit, only makes small, cash-only purchases.

Research Analyst Brian Yarbrough warns “Probably 5% to 10% of customers will never shop there again,” and other customers will try Target’s rivals Amazon and Walmart in the meantime. But customers aren’t the only victims:

Hacking hurts shareholders and management

Hacks cause immediate stock drops between 0.3% and 2.4%, and in Target’s case dividends were also cut by 20%. There are the lawsuits (Target is being sued by the banks for negligence), and other costs too:

Like the long-term damage to the value of the corporation itself. The 2015 SONY hack was utterly devastating. Security Expert David Kennedy said: “Regardless of who did it, this breach feels much different than anything I’ve seen before. This attack was designed to go after a company on multiple fronts and try to tank it. It’s a precedent-setting breach in that this was done to try to destroy SONY.”

How do hackers break in? How can you stop them?

Hackers launch 91% of their attacks through Phishing and Malware. (We’ll come back to the other 9% later).

“Phishing” is a play on the word ‘fishing.’ Every day, fraudsters send out millions of scam e-mails in the hope someone will be naïve enough to take the bait.

Have you received an e-mail from a Nigerian prince so absurd you laughed?

Or an e-mail supposedly from a bank but filled with misspellings and bad grammar?

Wouldn’t it be great if all phishing was that easy to recognise?

What is spear-phishing?

But some phishers have become very skilled; they produce convincing counterfeit e-mails which can fool an expert, delivered using a very effective technique called “spear-phishing.” “Spear-phishing?” That’s a strange name…

They call it “spear-phishing” because each e-mail is aimed at someone in particular: a particular company, or a particular employee in that company, targeting them by name. A “spear-phish” might be aimed directly at you:

It will appear to come from someone you know; a colleague, friend, a reputable business, or a prospective customer. No business can afford not to correspond with prospective customers. So once you open the e-mail, what happens?

Spear-phishers infect your computer equipment with “malware”: malicious software which snoops around your network, looking for interesting data – addresses and credit cards – and for computer vulnerabilities the hacker can later use to penetrate your network.

But you can stop it with Anti-virus software and spam filters, can’t you? Well, no:

Why Anti-virus software and Mail filters don’t work

Anti-virus software and mail filters can only protect against known attacks; phishing e-mails or malware that has already been sent to many people, and infected some of them, who have reported it. Why doesn’t this protect you from spear-phishers?

Because spear-phishing malware is custom-written, and so by definition new and unique. It sails right through those filters, and onto your computers.

So how does CryptoPhoto stop hackers?

CryptoPhoto uses patented Secure Mutual Authentication Technology (SMAT)™: When your customers or employees log in to your web site or systems, they confirm their identity by tapping a picture on their smartphone.

How quick and easy is CryptoPhoto?

Watch our demonstration video, and I guarantee in 30 seconds you’ll agree CryptoPhoto is the world’s easiest security system. Not just easy, but fun, like a 5-second game of “SNAP!”

And if they don’t confirm, the transaction or login is blocked immediately.

CryptoPhoto is so quick, easy and fun to use that everyone is comfortable using it, even computer-challenged senior citizens. You won’t lose sales. You’ll gain them, and customers will appreciate shopping at a retailer who cares about their security.

Now here’s the best part:

CryptoPhoto’s patented Secure Mutual Authentication Technology (SMAT)™ is the highest grade of authentication technology there is.

CryptoPhoto provides far stronger security than RSA SecurID® (which uses discredited older technology, and has been cracked and hacked) and RSA SiteKey® (discredited), and is far easier to use than Vasco’s secure but onerous transaction-signing system. After all, what’s the point of having security if it’s so hard to use that your customers don’t want to buy from you?

Fight chargeback!

Chargebacks are the bane of the retail industry. But just as CryptoPhoto protects customers from identity theft, it also protects merchants by providing “compelling evidence” to fight fraudulent chargebacks.

Easy installation

How soon can CryptoPhoto be protecting your company? Don’t laugh, but it may just be a matter of minutes:

Many companies run their web site using a CMS (content management system) such as Joomla, Drupal or WordPress. We have plugins for all of these. You can have CryptoPhoto up and running on your system in literally minutes!

Or do you have your own custom IT system? If so, you can integrate CryptoPhoto using our simple API. A tutorial is available by clicking here.

Are you using third-party software? We’re helping vendors integrate CryptoPhoto authentication into their products, e.g. Atmail and cPanel.

We also have installers for adding CryptoPhoto authentication to Windows® and Linux®, securing your servers and employee logins.

How much does CryptoPhoto cost?

It depends on the level of support your business needs:

CryptoPhoto offers Top-Tier customers guaranteed availability, around-the-clock support, integration services and on-site technical support, in a Service Level Agreement negotiated to suit their needs.

Or perhaps you’re a small business on a tight budget? You can secure your web site for under $100 a year, and get official e-mail support.

What if you’ve got no money at all? No problem! CryptoPhoto Free won’t cost you a cent. There’s no official support, but you’re welcome to report problems and discuss CryptoPhoto on our free community web forum.

Sounds great! How do I get started?

You can start using CryptoPhoto for free, right now, by clicking here: http://cryptophoto.com/

Contact us now

Phone: 18555CRYPTO (USA) or 1800CRYPTO (Australia).
E-mail: tech@cryptophoto.com

Hey, what was that other 9%?

91% of attacks are through Phishing and Malware. So what’s the other 9%?

They are system vulnerabilities. Hackers look for security bugs in popular software, which they sell on the dark web. Once these go public, software companies will fix them, but you need to apply those fixes to your computer immediately. But don’t people do that already?

No. Security Expert Robert Hansen points out the Healthcare industry was hit hard because they were too slow, taking an average of 158 days to update their software. What happened in the meantime?

Hackers freely roamed their system. The Premera Blue Cross hack was particularly bad: hackers were siphoning customers’ data for nearly a year before the hack was discovered. How can you protect yourself from system vulnerabilities?

Make sure your IT staff keep your software up to date, and in particular apply new security patches immediately. Make sure they are on the lookout for “Zero Day” exploits, so they can take the necessary preventative action until the software patch becomes available.