The British Retail Consortium (BRC) has called for improved fraud reporting and better policing after reporting an increase in cyber-attacks against its members last year.
The UK’s leading retail trade association claimed in its BRC Retail Crime Survey 2014 that the majority of its members were the victim of “some form of cyber attack” in the reporting period 2013-14.
These attacks “continue to pose a critical threat to businesses,” it said.
Fraud increased by 12% over the period, with 135,814 incidents reported in 2013-14 – the majority of which happened online. Fraud now accounts for 37% of the total cost of crime in the sector, BRC claimed.
The consortium called for a “step change improvement” in fraud reporting and investigation and for “enhanced knowledge, skills and capacity” within individual police forces.
“At present, only a tiny proportion of fraud cases reported to Action Fraud and sent out for investigation by police forces from the National Fraud Intelligence Bureau result in any action being taken,” it argued.
There was also a call for greater intelligence sharing across siloes:
“There is range of work underway across government aimed at preventing and tackling cyber crime, but this is split between various departments and agencies – it needs to be more comprehensive and coordinated. The creation of a National Cyber Crime Unit in the National Crime Agency was a welcome development but the retail sector would like to see this Unit share more intelligence about emerging cyber threats.”
There are plans afoot to make fraud reporting easier for businesses and individuals, especially in London.
Head of the Met’s new cybercrime division, Detective Chief Superintendent Jayne Snelgrove, told the Evening Standard last November that four new “volume crime hubs” would be set up in the capital to speed police follow-ups to fraud reports.
Simon Mason, head of security EMEA for Verizon Enterprise Solutions, argued that fraud and cybercrime are still under-reported in the retail industry.
“Many retailers are keen to avoid the negative headlines that come with reporting a data breach, even if it hasn’t directly impacted customer data, and will therefore try to handle the problem internally,” he told Infosecurity.
“Not only that, but many retailers are unaware that they even have a problem – in fact, last year’s Data Breach Investigations Report (DBIR) saw that in 99% of point-of-sale intrusions, someone else told the victim they had suffered a breach.”
He added that retailers needed to develop multi-layered defenses to detect and stop threats at ever entry point – web, network and endpoint.
DDoS, point-of-sale intrusions and web app attacks were all highlighted by the DBIR as major threats to retail businesses, he claimed.