Technology

21 digital security tips for retailers

TechnologyApr 30, 2014

21 digital security tips for retailers

With the recent data breaches impacting major retailers and web security issues stemming from Heartbleed, National Jeweler takes a look at what jewelers can do to protect their customers. 

050114_Heartbleed-Article.jpg
Heartbleed, a security flaw in OpenSSL, a cryptographic library used to secure a large percentage of the Internet’s traffic, is the latest threat to private consumer data.

New York--The past six months have been rough for the security of private consumer information.

Target and Neiman Marcus both fell victim to massive data breaches, leaving millions of customers vulnerable. The web world was thrown into further turmoil with news of a massive security flaw in OpenSSL, the security software used on about two-thirds of all servers on the Internet.

Though no cases have yet been reported of the flaw, which is called the Heartbleed bug, being used to obtain information, its potential reach is troubling, allowing for the removal of personal and financial information without anyone’s knowledge. 

Retailers are responsible, from many standpoints, for making sure they’re doing everything they can to protect this information.

National Jeweler talked to a number of security experts--Matt Boaman of EZSolution, James Koons of Listrak, Chris Kronenthal of FreedomPay, Andrew Van Noy of Warp 9, Aaron Janowski of Wellsley Consulting and consultant to the Jewelers’ Security Alliance, and Zilvinas Bareisis of Celent--to compile the following list of tips for retailers to secure their customers’ information.

1. Monitor the information. The Heartbleed bug is invisible, so no one can establish ahead of time what information has already been compromised; instead, jewelers should be monitoring for any signs that it has been. The monitoring and response plan is key to being able to show that the company is taking all reasonable steps to keep secure the personal data that is processed.
2. Test the site. This site provides a place to plug in URLs to check if a website is vulnerable to the Heartbleed flaw.
3. Fix the problem. Contact the web host to ensure that if the web server was running one of the vulnerable versions of OpenSSL, they have updated it or patched it right away. Once that’s finished, get a new key for the site’s security certificate.
4. Communicate with customers. Advise customers not to log into the site until it’s been fixed. Once it has, tell them to reset their user passwords if they have an account through the website. They shouldn’t do so before it’s been fixed as that could open them up to more vulnerability.
5. Don’t store unnecessary information. Don’t keep any unnecessary information on a server that doesn’t need to be there. Instead, encrypt the information before sending to a credit card processor.
6. Plan ahead. Consider getting involved in organizations like the Online Trust Alliance, which advocates

that every organization handling customer data create a data management strategy and incident response plan that evaluates data from acquisition through use, storage and destruction. To help with a preparedness plan, the OTA publishes the Data Protection & Breach Readiness Planning Guide, which is updated at least every year and is available for free download here.

Data breaches also continue to be top of mind, as companies work to make sure they’ve secured their payment systems after millions of customers’ information was stolen from Target and Neiman Marcus. Target recently named a new chief information officer and security updates to show consumers it’s taking steps to protect them.

RELATED CONTENT: Target hires new CIO, announces security updates

These breaches can have numerous negative effects for a retailer.

“Whether the result of an online attack, in-store breach, internal theft, malware or accidental loss of data incident such incidents can have significant financial impact and can have devastating consequences on the value of a company’s brand,” said Koons, who is chief privacy officer at Listrak.

The National Retail Federation has since been urging Congress to overhaul the nation’s credit and debit card system, saying that banks’ insistence on a signature instead of a personal identification number, or  PIN, puts customers at risk. The organization is also urging the card industry to switch to new chip-and-PIN cards, much as Target is doing now, which would require use of a PIN instead of the signature.

There are a number of steps that jewelers can take to prevent a data breach.

1. Check the connection. Make sure that the merchant account with the banks being used to process sales is secure.
2. Check the equipment. Ensure the in-store equipment is loaded with anti-hacking, anti-virus software and/or hardware so that nothing on premises is corrupted, which is usually done by proper firewalls, data encryption and security hardware.
3. Do a double take. Double check with the credit card holder's bank for the validity and security of the credit account being used.
4. Prepare for the possibility. Security threats will always be a possibility, and businesses can’t wait until after it happens to figure out what to do. It’s necessary to have a plan to deal with security breaches and other incidents should it happen.
5. Explore all options. There isn’t one technology that will give all the protection needed against cybercrime. Follow a “layered approach” to security and use a number of tactics, including using EMV, tokenization, point-to-point encryption, and dynamic authentication, among other things.
6. Stay up-to-date.  Make sure antivirus and operating systems are up to date with the latest software updates to provide the best protection against threats.
7. Keep it off-site. Avoid storing data unless absolutely necessary. If it’s necessary, they should follow PCI Security Standards Council guidelines.
8. Be proactive. Ensure cashiers always check the customer’s identification and/or ask for the PIN.

If a data breach should occur, immediate action is necessary to help regain security, preserve evidence and protect the brand. Here are steps to follow within the first 24 hours:

9. Jot down activity. Record the date and time when the breach was discovered as well as the current date and time when the team was alerted to the breach.
10. Secure the site. If a data breach comes from inside the store, secure the premises where it occurred to preserve evidence.
11. Prevent more activity. Stop additional data loss by taking affected machines offline but do not turn them off or start investigating in the computer until professionals are there to help.
12. Take extensive notes. Document everything known about the breach so far, including who discovered it, who reported it, to whom was it reported, who else knows about it, what type of breach occurred, what was stolen, what systems are affected, what devices are missing and any other pertinent information.
13. Interview. Talk to the team members who found the breach and anyone else who may know about it and document it to get all the relevant information.
14. Get professional help. Bring in a forensics team to begin the in-depth investigation.
15. Contact law enforcement. If needed, notify law enforcement after consulting with legal counsel and the entire upper management team.

Brecken Branstratoris the senior editor, gemstones at National Jeweler, covering sourcing, pricing and other developments in the colored stone sector.

The Latest

Kendra Scott
MajorsJul 08, 2026
Kendra Scott Joins ‘Shark Tank’ As Permanent Investor

The founder of the billion-dollar jewelry and lifestyle brand will debut as a full-time “Shark” on the upcoming season of the show.

Hands crossed with rings on
SurveysJul 08, 2026
Signet Jewelers Falls 5 Spots on NRF’s ‘Top 100’ Retailers List

Plus, why retailers should be ready to adjust as the U.S. population may decline this year for the first time since the Great Depression.

René Lalique “Woman Dragonfly With Open Wings” pendant
CrimeJul 08, 2026
Here’s What Thieves Stole From the Lalique Museum

René Lalique’s “Woman Dragonfly With Open Wings” pendant, the first piece the museum acquired, was one of the jewels taken.

Brought-To-By-Article-Top-Image.jpg
Brought to you by
Wedding Band Trends 2026: Personalization Takes Center Stage

Colored gemstones, artisan finishes, mixed metals, and meaningful details are shaping demand in bridal jewelry.

Arien Gessner and Moss Makhoulian
MajorsJul 08, 2026
Richline Group Promotes 2 Execs

Arien Gessner and Moss Makhoulian have been elevated into newly created roles.

Weekly QuizJul 01, 2026
This Week’s Quiz
Test your jewelry news knowledge by answering these questions.
Take the Quiz
The Retail Smiths partner and National Jeweler columnist Peter Smith
ColumnistsJul 07, 2026
Peter Smith: Diamond Branding and the Origin Paradox

A podcast prompted Smith to share his views on where origin fits into the natural diamond story and the viability of branded diamonds.

Jewelers of America Impact Initiative Recipients 2026
Events & AwardsJul 07, 2026
JA Announces 2026 Impact Initiative Recipients

The association selected eight recipients for the funding program, which is in its second year.

DCA-NJ-article-1872x1052-060826.jpg
Brought to you by
Building the Future of Jewelry Retail: DCA Expands Education, Leadership Development, and Workforce Solutions

DCA is preparing the next generation of professionals by supporting workforce development, leadership growth, and career advancement.

Zahn Z In Rubies We Clicked
TrendsJul 07, 2026
Amanda’s Style File: Ruby, White and Blue

Whether celebrating America’s 250th birthday or the USA’s World Cup run, July birthstone jewelry can double as a patriotic accessory.

Police van outside of Musée Lalique
CrimeJul 07, 2026
Thieves Steal Millions in Jewels From France’s Musée Lalique

Around 20 pieces of jewelry were stolen from the museum dedicated to French jeweler and glassmaker René Lalique.

Robinson Pelham Summer of ’96 Campaign
CollectionsJul 07, 2026
Robinson Pelham Is Partying Like It’s 1996

The “Summer of ’96” campaign and collection celebrate the year the brand was founded for its 30th anniversary.

Sean Gilbertson
SourcingJul 06, 2026
Gemfields CEO Sean Gilbertson Steps Down

After eight years, Gilbertson is leaving his post at the mining company, which is currently facing a slew of operational challenges.

Bachendorf’s New Dallas Location Exterior Rendering
IndependentsJul 06, 2026
Bachendorf’s To Open Fifth Store In Dallas

The new location is set to open this winter, featuring the retailer’s first rotating jewelry designer residency.

Jung Kook for Graff
MajorsJul 06, 2026
Graff Names BTS Star Jung Kook as New Ambassador

The pop artist appears in the latest campaign for the “Laurence Graff Signature” collection.

Pandora pearl jewelry campaign imagery
CollectionsJul 06, 2026
Pandora’s New Baroque Pearl Collection Is a Whimsical ‘Wonder’

One-of-a-kind pearls take the shape of ice cream cones, frogs, submarines, and other imaginative charms.

London Diamond Bourse President Charlotte Rose
SourcingJul 02, 2026
London Diamond Bourse Elects First Female President

Charlotte Rose said her election is “a sign that this is an industry capable of change.”

Bracelets_1872_1052.jpg
Supplier BulletinJul 02, 2026
Elevating Retail Showcases with Today's Necklace & Bracelet Trends

Sponsored by Rio Grande Jewelry Supply

Oscar Heyman Flag Brooch
TrendsJul 02, 2026
Oscar Heyman’s Flag Brooch Celebrates America

The American jewelry house, founded by Latvian immigrants, has been creating American flag brooches since 1917.

D. Geller & Son store mural
IndependentsJul 02, 2026
D. Geller & Son Partners with KSU Art Students on Store Mural

The artwork celebrates the Atlanta jeweler’s legacy and symbolizes its commitment to supporting local artists and its community.

Hand taking jewelry out of jewelry box
Events & AwardsJul 02, 2026
Stratus Estate Buyers Offers Jewelers Turnkey Buying Events

Its team can evaluate jewelry and watches, as well as luxury handbags, artwork, and collectibles.

Hand holding a gas pump
SurveysJul 01, 2026
Consumer Confidence Ticks Up in June

Falling oil prices were a factor in the slight month-over-month improvement.

Rio Grande Millgrain Wedding band and Round Diamond Engagement Ring
CollectionsJul 01, 2026
Rio Grande Launches First Finished Bridal Collection

The new offering comprises more than 120 bridal and engagement ring styles with natural and lab-grown diamonds.

Rockefeller Center Rink Rolex Clock
WatchesJul 01, 2026
Rolex Unveils Clock at Rockefeller Center

The clock is part of the celebration for the soon-to-open Rolex headquarters on New York City’s Fifth Avenue.

Kristen Cannon
IndependentsJul 01, 2026
Kristen Cannon of Valobra Master Jewelers Dies at 49

The public relations professional is remembered for her benevolent generosity and unwavering commitment to those around her.

G Shock Pokemon watch in Pokeball
WatchesJun 30, 2026
Pokémon Fans Will Want to Catch This New G-Shock Watch

The new watch commemorates Pokémon’s 30th anniversary.

Saks Fifth Avenue door sign
MajorsJun 30, 2026
Saks Global Emerges From Bankruptcy With New Name

The luxury retailer is now called Exemplar Luxury Group.

Jade Ruzzo Lady Collection Compact Mirror Necklace
CollectionsJun 30, 2026
Jade Ruzzo’s New Collection Embodies the Art of Being a Lady

The “Lady” collection is a new take on old beauty standards with gemstone-adorned hair pins and combs, a compact mirror necklace, and more.

×

This site uses cookies to give you the best online experience. By continuing to use & browse this site, we assume you agree to our Privacy Policy