CollectionsJul 17, 2025
2026 Winter Olympic Medal Design Symbolizes UnityThe medals feature a split-texture design highlighting the Games’ first time being hosted by two cities and the athletes’ journeys.
TechnologyApr 30, 2014
21 digital security tips for retailers
With the recent data breaches impacting major retailers and web security issues stemming from Heartbleed, National Jeweler takes a look at what jewelers can do to protect their customers.
Heartbleed, a security flaw in OpenSSL, a cryptographic library used to secure a large percentage of the Internet’s traffic, is the latest threat to private consumer data.
New York--The past six months have been rough for the security of private consumer information.
Target and Neiman Marcus both fell victim to massive data breaches, leaving millions of customers vulnerable. The web world was thrown into further turmoil with news of a massive security flaw in OpenSSL, the security software used on about two-thirds of all servers on the Internet.
Though no cases have yet been reported of the flaw, which is called the Heartbleed bug, being used to obtain information, its potential reach is troubling, allowing for the removal of personal and financial information without anyone’s knowledge.
Retailers are responsible, from many standpoints, for making sure they’re doing everything they can to protect this information.
National Jeweler talked to a number of security experts--Matt Boaman of EZSolution, James Koons of Listrak, Chris Kronenthal of FreedomPay, Andrew Van Noy of Warp 9, Aaron Janowski of Wellsley Consulting and consultant to the Jewelers’ Security Alliance, and Zilvinas Bareisis of Celent--to compile the following list of tips for retailers to secure their customers’ information.
1. Monitor the information. The Heartbleed bug is invisible, so no one can establish ahead of time what information has already been compromised; instead, jewelers should be monitoring for any signs that it has been. The monitoring and response plan is key to being able to show that the company is taking all reasonable steps to keep secure the personal data that is processed.
2. Test the site. This site provides a place to plug in URLs to check if a website is vulnerable to the Heartbleed flaw.
3. Fix the problem. Contact the web host to ensure that if the web server was running one of the vulnerable versions of OpenSSL, they have updated it or patched it right away. Once that’s finished, get a new key for the site’s security certificate.
4. Communicate with customers. Advise customers not to log into the site until it’s been fixed. Once it has, tell them to reset their user passwords if they have an account through the website. They shouldn’t do so before it’s been fixed as that could open them up to more vulnerability.
5. Don’t store unnecessary information. Don’t keep any unnecessary information on a server that doesn’t need to be there. Instead, encrypt the information before sending to a credit card processor.
6. Plan ahead. Consider getting involved in organizations like the Online Trust Alliance, which advocates
that every organization handling customer data create a data management strategy and incident response plan that evaluates data from acquisition through use, storage and destruction. To help with a preparedness plan, the OTA publishes the Data Protection & Breach Readiness Planning Guide, which is updated at least every year and is available for free download here.
Data breaches also continue to be top of mind, as companies work to make sure they’ve secured their payment systems after millions of customers’ information was stolen from Target and Neiman Marcus. Target recently named a new chief information officer and security updates to show consumers it’s taking steps to protect them.
RELATED CONTENT: Target hires new CIO, announces security updates
These breaches can have numerous negative effects for a retailer.
“Whether the result of an online attack, in-store breach, internal theft, malware or accidental loss of data incident such incidents can have significant financial impact and can have devastating consequences on the value of a company’s brand,” said Koons, who is chief privacy officer at Listrak.
The National Retail Federation has since been urging Congress to overhaul the nation’s credit and debit card system, saying that banks’ insistence on a signature instead of a personal identification number, or PIN, puts customers at risk. The organization is also urging the card industry to switch to new chip-and-PIN cards, much as Target is doing now, which would require use of a PIN instead of the signature.
There are a number of steps that jewelers can take to prevent a data breach.
1. Check the connection. Make sure that the merchant account with the banks being used to process sales is secure.
2. Check the equipment. Ensure the in-store equipment is loaded with anti-hacking, anti-virus software and/or hardware so that nothing on premises is corrupted, which is usually done by proper firewalls, data encryption and security hardware.
3. Do a double take. Double check with the credit card holder's bank for the validity and security of the credit account being used.
4. Prepare for the possibility. Security threats will always be a possibility, and businesses can’t wait until after it happens to figure out what to do. It’s necessary to have a plan to deal with security breaches and other incidents should it happen.
5. Explore all options. There isn’t one technology that will give all the protection needed against cybercrime. Follow a “layered approach” to security and use a number of tactics, including using EMV, tokenization, point-to-point encryption, and dynamic authentication, among other things.
6. Stay up-to-date. Make sure antivirus and operating systems are up to date with the latest software updates to provide the best protection against threats.
7. Keep it off-site. Avoid storing data unless absolutely necessary. If it’s necessary, they should follow PCI Security Standards Council guidelines.
8. Be proactive. Ensure cashiers always check the customer’s identification and/or ask for the PIN.
If a data breach should occur, immediate action is necessary to help regain security, preserve evidence and protect the brand. Here are steps to follow within the first 24 hours:
9. Jot down activity. Record the date and time when the breach was discovered as well as the current date and time when the team was alerted to the breach.
10. Secure the site. If a data breach comes from inside the store, secure the premises where it occurred to preserve evidence.
11. Prevent more activity. Stop additional data loss by taking affected machines offline but do not turn them off or start investigating in the computer until professionals are there to help.
12. Take extensive notes. Document everything known about the breach so far, including who discovered it, who reported it, to whom was it reported, who else knows about it, what type of breach occurred, what was stolen, what systems are affected, what devices are missing and any other pertinent information.
13. Interview. Talk to the team members who found the breach and anyone else who may know about it and document it to get all the relevant information.
14. Get professional help. Bring in a forensics team to begin the in-depth investigation.
15. Contact law enforcement. If needed, notify law enforcement after consulting with legal counsel and the entire upper management team.
More on Technology
The Latest
Supplier BulletinJul 17, 2025
The INSTORE Jewelry Show 2025: Your Holiday Preparations, All Wrapped Up! Sponsored by The INSTORE Jewelry Show 2025
SurveysJul 17, 2025
The Most Recommended Brands in the World, According to YouGovGlobally, travel and transportation brands reigned, while in the U.S., alcoholic beverage companies and a lingerie brand took the top spots.
Brought to you by
Investing in the Next Generation of Bench JewelersThe Seymour & Evelyn Holtzman Bench Scholarship from Jewelers of America returns for a second year.
IndependentsJul 17, 2025
Gina Ferranti of GiGi Ferranti Jewelry Dies at 59The Brooklyn-based jewelry designer is remembered as a true artist and a rare talent.
Weekly QuizJul 17, 2025
This Week’s QuizTest your jewelry news knowledge by answering these questions.
SourcingJul 17, 2025
Rio Tinto Names New CEO, Production Rises at DiavikProduction at the mine in Canada’s Northwest Territories topped 1 million carats in Q2, the third consecutive quarter of growth.
Events & AwardsJul 17, 2025
JA to Hold Learning Workshops This FallA new slate of Learning Workshops will take place in Oklahoma, Mississippi, and Georgia.
Brought to you by
Jewelers of America is Headed to Las Vegas for JCK 2025The countdown is on for the JCK Las Vegas Show and JA is pulling out all the stops.
SurveysJul 16, 2025
Signet Jewelers Falls Lower on NRF’s ‘Top 100’ Retailers ListThe middle class is changing its approach to buying jewelry and affordable luxury goods, the NRF said.
FinancialsJul 16, 2025
Richemont’s Jewelry Sales Up 7% in Q1It marks the third consecutive quarter of growth for Cartier, Van Cleef & Arpels, Buccellati, and Vhernier.
WatchesJul 16, 2025
The Top-Selling Rolex Models of the Last 15 Years, According to Bob’s Watches The reseller’s market trends report, based on its sales data, also shows exactly how much Rolex prices have jumped since 2010.
AuctionsJul 16, 2025
Christie’s To Honor Dinh Van With ExhibitionThe auction house will be hosting a retrospective paying tribute to jeweler Jean Dinh Van and his company’s 60th anniversary.
IndependentsJul 16, 2025
Clyde Duneier Ushers In Fourth GenerationJake Duneier and Danielle Duneier-Goldberg have stepped into the roles of CEO and president, respectively.
CollectionsJul 15, 2025
Boucheron’s New High Jewelry Calls Attention to Nature’s ImpermanenceThe “Impermanence” collection contemplates nature through the Japanese art of Ikebana (flower arranging) and philosophy of wabi-sabi.
MajorsJul 15, 2025
James Avery Expands to 2 More StatesThe Texas-based jewelry retailer has set up shop in Tennessee and Arizona.
Events & AwardsJul 15, 2025
Neiman Marcus Vet Joins Couture as Brand Director Eric Ford will step into the role, bringing with him decades of experience.
MajorsJul 15, 2025
Ben Bridge Jeweler Acquires Olympic ManufacturingIn addition to improved capabilities, the acquisition will allow the jeweler to offer support to other independent jewelers.
CollectionsJul 15, 2025
Guzema Debuts First Colored Gemstone JewelryThe “Celestial Blue” capsule collection campaign features Olympian Kateryna Sadurska.
MajorsJul 14, 2025
Nanis Opens First StoreThe seasonal store, located in Mykonos, Greece, offers exclusive events, personal styling, and curated experiences.
IndependentsJul 14, 2025
It’s the Summer of Love at Long’s JewelersThe New England jeweler is hosting a bridal event for the month of August.
SourcingJul 14, 2025
Ethical Gem Fair Heads to SeattleThe trade-only event will host its debut fair in the Emerald City later this month.
Events & AwardsJul 11, 2025
The Edge’s Annual Conference Returns in SeptemberIts sessions will focus on inventory strategies, staff performance, retention and acquisition, emerging market trends, and more.
CollectionsJul 11, 2025
Piece of the Week: Miseno’s ‘Arco’ EarringsFor its 10th anniversary, Miseno designed the “Arco” earrings based on the Arco Felice, an arch conceptualized in A.D. 95 in Miseno, Italy.
Policies & IssuesJul 11, 2025
James Avery to Donate $1M to Texas Hill Country Relief EffortsThe jewelry company is one of several contributing to relief efforts in the region after the recent floods.
TrendsJul 11, 2025
Kelly Osbourne’s Engagement Ring Is Sweet as HoneyInspired by fiancé Sid Wilson’s nickname for her, the white and yellow diamond ring features a unique honeycomb design.
CollectionsJul 10, 2025
Penny Preville Celebrates 5 Decades of Jewelry DesignThe brand is marking its 50th anniversary with a limited-edition bangle, high jewelry suites, new collections, and more.
IndependentsJul 10, 2025
Steven Goldfarb to Retire, Close Alvin Goldfarb JewelerGoldfarb said changes in the industry, coupled with his age and the updates needed to modernize his business, drove his decision.
