CrimeDec 15, 2025
Men Receive Life Sentences in Home Invasion Murder of Jeweler Carlos Jose Hernandez and Joshua Zuazo were sentenced to life without the possibility of parole in the 2024 murder of Hussein “Sam” Murray.
TechnologyApr 30, 2014
21 digital security tips for retailers
With the recent data breaches impacting major retailers and web security issues stemming from Heartbleed, National Jeweler takes a look at what jewelers can do to protect their customers.
Heartbleed, a security flaw in OpenSSL, a cryptographic library used to secure a large percentage of the Internet’s traffic, is the latest threat to private consumer data.
New York--The past six months have been rough for the security of private consumer information.
Target and Neiman Marcus both fell victim to massive data breaches, leaving millions of customers vulnerable. The web world was thrown into further turmoil with news of a massive security flaw in OpenSSL, the security software used on about two-thirds of all servers on the Internet.
Though no cases have yet been reported of the flaw, which is called the Heartbleed bug, being used to obtain information, its potential reach is troubling, allowing for the removal of personal and financial information without anyone’s knowledge.
Retailers are responsible, from many standpoints, for making sure they’re doing everything they can to protect this information.
National Jeweler talked to a number of security experts--Matt Boaman of EZSolution, James Koons of Listrak, Chris Kronenthal of FreedomPay, Andrew Van Noy of Warp 9, Aaron Janowski of Wellsley Consulting and consultant to the Jewelers’ Security Alliance, and Zilvinas Bareisis of Celent--to compile the following list of tips for retailers to secure their customers’ information.
1. Monitor the information. The Heartbleed bug is invisible, so no one can establish ahead of time what information has already been compromised; instead, jewelers should be monitoring for any signs that it has been. The monitoring and response plan is key to being able to show that the company is taking all reasonable steps to keep secure the personal data that is processed.
2. Test the site. This site provides a place to plug in URLs to check if a website is vulnerable to the Heartbleed flaw.
3. Fix the problem. Contact the web host to ensure that if the web server was running one of the vulnerable versions of OpenSSL, they have updated it or patched it right away. Once that’s finished, get a new key for the site’s security certificate.
4. Communicate with customers. Advise customers not to log into the site until it’s been fixed. Once it has, tell them to reset their user passwords if they have an account through the website. They shouldn’t do so before it’s been fixed as that could open them up to more vulnerability.
5. Don’t store unnecessary information. Don’t keep any unnecessary information on a server that doesn’t need to be there. Instead, encrypt the information before sending to a credit card processor.
6. Plan ahead. Consider getting involved in organizations like the Online Trust Alliance, which advocates
that every organization handling customer data create a data management strategy and incident response plan that evaluates data from acquisition through use, storage and destruction. To help with a preparedness plan, the OTA publishes the Data Protection & Breach Readiness Planning Guide, which is updated at least every year and is available for free download here.
Data breaches also continue to be top of mind, as companies work to make sure they’ve secured their payment systems after millions of customers’ information was stolen from Target and Neiman Marcus. Target recently named a new chief information officer and security updates to show consumers it’s taking steps to protect them.
RELATED CONTENT: Target hires new CIO, announces security updates
These breaches can have numerous negative effects for a retailer.
“Whether the result of an online attack, in-store breach, internal theft, malware or accidental loss of data incident such incidents can have significant financial impact and can have devastating consequences on the value of a company’s brand,” said Koons, who is chief privacy officer at Listrak.
The National Retail Federation has since been urging Congress to overhaul the nation’s credit and debit card system, saying that banks’ insistence on a signature instead of a personal identification number, or PIN, puts customers at risk. The organization is also urging the card industry to switch to new chip-and-PIN cards, much as Target is doing now, which would require use of a PIN instead of the signature.
There are a number of steps that jewelers can take to prevent a data breach.
1. Check the connection. Make sure that the merchant account with the banks being used to process sales is secure.
2. Check the equipment. Ensure the in-store equipment is loaded with anti-hacking, anti-virus software and/or hardware so that nothing on premises is corrupted, which is usually done by proper firewalls, data encryption and security hardware.
3. Do a double take. Double check with the credit card holder's bank for the validity and security of the credit account being used.
4. Prepare for the possibility. Security threats will always be a possibility, and businesses can’t wait until after it happens to figure out what to do. It’s necessary to have a plan to deal with security breaches and other incidents should it happen.
5. Explore all options. There isn’t one technology that will give all the protection needed against cybercrime. Follow a “layered approach” to security and use a number of tactics, including using EMV, tokenization, point-to-point encryption, and dynamic authentication, among other things.
6. Stay up-to-date. Make sure antivirus and operating systems are up to date with the latest software updates to provide the best protection against threats.
7. Keep it off-site. Avoid storing data unless absolutely necessary. If it’s necessary, they should follow PCI Security Standards Council guidelines.
8. Be proactive. Ensure cashiers always check the customer’s identification and/or ask for the PIN.
If a data breach should occur, immediate action is necessary to help regain security, preserve evidence and protect the brand. Here are steps to follow within the first 24 hours:
9. Jot down activity. Record the date and time when the breach was discovered as well as the current date and time when the team was alerted to the breach.
10. Secure the site. If a data breach comes from inside the store, secure the premises where it occurred to preserve evidence.
11. Prevent more activity. Stop additional data loss by taking affected machines offline but do not turn them off or start investigating in the computer until professionals are there to help.
12. Take extensive notes. Document everything known about the breach so far, including who discovered it, who reported it, to whom was it reported, who else knows about it, what type of breach occurred, what was stolen, what systems are affected, what devices are missing and any other pertinent information.
13. Interview. Talk to the team members who found the breach and anyone else who may know about it and document it to get all the relevant information.
14. Get professional help. Bring in a forensics team to begin the in-depth investigation.
15. Contact law enforcement. If needed, notify law enforcement after consulting with legal counsel and the entire upper management team.
More on Technology
The Latest
Policies & IssuesDec 15, 2025
Sara Yood Named Co-Chair of RJC Standards CommitteeYood will serve alongside Eduard Stefanescu, the sustainability manager for C.Hafner, a precious metals refiner in Germany.
IndependentsDec 15, 2025
M.S. Rau to Open Store in AspenThe New Orleans jeweler is also hosting pop-up jewelry boutiques in New York City and Dallas.
Brought to you by
Impacting Tomorrow TodayHow Jewelers of America’s 20 Under 40 are leading to ensure a brighter future for the jewelry industry.
AuctionsDec 12, 2025
13.54-Carat Paraíba Tourmaline Sets Records at Christie’sSet in a Tiffany & Co. necklace, it sold for $4.2 million, the highest price and price per carat paid for a Paraíba tourmaline at auction.
Weekly QuizDec 11, 2025
This Week’s QuizTest your jewelry news knowledge by answering these questions.
MajorsDec 12, 2025
David Webb Reveals Ice-Cold Holiday Window DisplayThe jeweler’s “Deep Freeze” display showcases its iconic jewelry designs frozen in a vintage icebox.
CollectionsDec 12, 2025
Piece of the Week: Oscar Heyman’s Sphene RingTake luxury gifting to new heights this holiday season with the jeweler’s showstopping 12-carat sphene ring.
Brought to you by
Roseco Releases New Full-Line CatalogRoseco’s 704-page catalog showcases new lab-grown diamonds, findings, tools & more—available in print or interactive digital editions.
Events & AwardsDec 12, 2025
IGI Jewelry Design Contest Now Accepting SubmissionsThis year's theme is “Unveiling the Depths of the Ocean.”
TrendsDec 11, 2025
Pinterest 2026 Trend Report: Brooches, Bold Gold, Cool BlueIn its annual report, Pinterest noted an increase in searches for brooches, heirloom jewelry, and ‘80s luxury.
GradingDec 11, 2025
GIA to Offer Origin Determination for 3 More GemstonesStarting Jan. 1, customers can request the service for opal, peridot, and demantoid garnet.
IndependentsDec 11, 2025
Look Inside Day’s Jewelers’ Ninth StoreThe 111-year-old retailer celebrated the opening of its new location in Salem, New Hampshire, which is its third store in the state.
MajorsDec 11, 2025
Americas Gold Releases New Gold Chain CatalogThe new catalog features its most popular chains as well as new styles.
AuctionsDec 10, 2025
Francis Ford Coppola’s Watch Sells for $10.8MThe filmmaker’s personal F.P. Journe “FFC” prototype was the star of Phillips’ recent record-setting watch auction in New York.
WatchesDec 10, 2025
There’s A New Rolex Boutique in MiamiThe new location in the Design District pays homage to Miami’s Art Deco heritage and its connection to the ocean.
SurveysDec 10, 2025
Consumer Confidence Drops in November Inflations, tariffs, and politics—including the government shutdown—were among consumers’ top concerns last month.
SourcingDec 10, 2025
NAJA Announces Details for 2026 ‘Ace It’ Winter Conference“Longtime favorite” presenters, as well as first-time speakers, will lead talks and workshops at the annual event in Tucson next year.
Events & AwardsDec 10, 2025
MJSA Names 2025 Responsible Design Challenge WinnerSilas Smith of Meridian Metalworks won the challenge with his pendant that blends Australian and American landscapes.
AuctionsDec 09, 2025
‘Desert Rose’ Diamond Sells for $8.8M in Abu DhabiThe sale of the 31.68-carat, sunset-hued stone was part of Sotheby’s first series of events and auctions in Abu Dhabi.
ColumnistsDec 09, 2025
Holiday Sales Happen in December, Most Decisions Don’tMost customers who walk into your store this month have made up their minds. Your job is to validate their choice, Emmanuel Raheb writes.
TrendsDec 09, 2025
‘Once Upon a Time,’ Guzema Debuted Its Holiday CollectionThe collection features characters and motifs from Ukrainian folklore, including an enchanted mirror and a magic egg.
Events & AwardsDec 09, 2025
MJSA Showcase Pavilion Returning to JA New York The pavilion will be part of the 2026 JA New York Spring show, scheduled for March 15 to 17.
MajorsDec 08, 2025
Juell Kadet, a ‘Lifelong Pillar’ of Rogers & Hollands, Dies at 96Kadet, a 1994 National Jeweler Retailer Hall of Fame inductee, helped grow the family-owned retailer in the Chicago area and beyond.
TrendsDec 08, 2025
Amanda’s Style File: Celebrating December’s BirthstonesDon’t let those with December birthdays feel blue. Help them celebrate their month with blue zircon, turquoise, and tanzanite.
CollectionsDec 05, 2025
Piece of the Week: Robinson Pelham’s ‘Tsar Star’ EarringsThe new pink sapphire version of the piece dances with its wearer in the brand’s “Icons After Dark” holiday campaign.
TrendsDec 05, 2025
Pantone’s Color of the Year for 2026 Is … WhiteA choice that’s generated a lot of commentary, Pantone says “Cloud Dancer” marks a fresh start and encourages relaxation and creativity.
MajorsDec 05, 2025
Stuller Releases ‘Wrapped in Wonder’ CampaignThe manufacturer’s holiday campaign features a gift guide filled with trending designs and jewelry that can be personalized.
