DLP: Defending Retail from Fraud Schemes
Written by Lev Matveev, Founder of SearchInform
Customer and supplier data, transactions, pricing, and more: all of these are vital assets for retailers. In the wrong hands, these assets can turn into a business killer. Employees often, whether intentionally or not, become insiders and cause serious incidents that result in data leakage or fraud. How can retail companies protect themselves and their customers from increasing insider threats? This is the issue we are going to explore today.
Figures Don’t Lie
Various studies confirm that insider threats are becoming more frequent. SearchInform’s 2023 Research on InfoSec Incidents in SMEs shows that all surveyed entities experienced insider incidents last year. Worldwide, reports of such cases increased from 66% in 2019 to 76% in 2024. The study by the UAE Cyber Security Council and CPX highlights a 30% increase in insider threat incidents within the Emirates.
Given that retail is the third-biggest sector of the UAE economy, its security is of great importance. The 2023 UAE Retail Report by Adyen reveals that, while 68% of businesses claim to have effective anti-fraud measures, 44% of UAE retailers faced cyberattacks or data breaches last year. Fraud victims increased by 39% compared to 2022.
The Adyen report also shows that 18% of UAE consumers regularly leave online stores without purchasing due to security concerns, while 29% prefer stores with a higher security level. Thus, implementing strong security measures pays off not only financially but also in terms of reputation and customer loyalty.
DLP, The Rescue Ranger
Research shows that employees usually cause internal security breaches unintentionally. For example, many people do not view sending the personal data of staff members to a non-corporate email as something serious. Meanwhile, companies face data leaks and subsequent penalties from regulators.
Malicious insiders who collect and leak sensitive information outside the corporate perimeter for personal gain are less common; they are responsible for about 25% of such incidents. Despite their lower frequency, these cases are the costliest, averaging $701,500 per incident. Organizations must be prepared to protect against both unintentional and malicious insider threats.
So, what measures should retailers implement to effectively prevent insider incidents and keep their businesses and customers safe?
One of the basic tools to address such threats is a Data Loss Prevention (DLP) system. DLP is a practical solution for businesses seeking to strengthen their defences against information leaks and corporate fraud. These types of systems comprehensively monitor all popular data transfer channels, thoroughly analyze incoming and outgoing information, detect and prevent violations by blocking unauthorized transmissions outside the corporate perimeter, and provide administrators with detailed reports.
Advanced versions of modern DLP systems can offer extra features, such as detecting complex corporate fraud schemes, equipment theft, working for competitors, poor performance, and more. Next-gen DLPs have capabilities for eliminating problems that previously were impossible to solve, for example, protection against malicious insiders taking photos or screenshots of corporate device screens. These kinds of solutions also provide control over messengers protected by end-to-end encryption.
However, not all companies, especially small ones, can afford to maintain an in-house DLP. Even if the organization has a sufficient budget to purchase software licenses and the required hardware, the system still requires a qualified administrator. This comes at an extra cost; what’s more, there is a severe lack of information security officers on the market. If you need a solution without a huge financial burden and HR-related issues, the Managed Security Service (MSS) with integrated next-gen DLP can be a perfect choice.
A dedicated information security officer will configure the service according to your requirements, maintain it, ensure monitoring, prevent incidents, notify you about violations, and provide comprehensive reports on what’s happening in the company. Meanwhile, you retain full control over the processes and decide on the steps to be taken. This approach ensures comprehensive protection without overwhelming your budget.
How DLP Protects Retail: Real-Life Cases
Now let’s take a look at some of the cases from SearchInform experts’ practice. In all of them, companies managed to identify intruders and violations using the DLP system.
Case #1: Good Old Kickbacks
A car dealer deployed a DLP system to detect episodes of corporate fraud. Thanks to the security policies set up for identifying kickback attempts, a couple of malicious insiders within the organization were caught red-handed.
One of the sales managers tried to deceive a client by falsely claiming she was ineligible for discounts and then offered her a “special” discounted price in exchange for a kickback. He applied a standard discount available to all clients, presented it as a beneficial deal, and requested a 2% cash payment for himself and his superior.
Another manager colluded with competitors by sending overpriced quotes to customers and passing their contacts to a rival dealership. There, clients were offered the same cars for 6–7% less but were asked to partially pay in cash. The cash payment was meant to be a reward for the tipster.
The first scheme would have cost the dealership $900 per transaction, totalling $225,000 per year, with the risk of lawsuits. The second scheme would have resulted in a monthly loss of $400,000 due to client outflow. Thanks to DLP monitoring and analysis of these insiders’ social media chats, IS officers could prevent fraudulent activities with serious consequences.
Case #2: Friendly Leak
An IS analyst at a retail company detected an attempt to leak information. As it turned out, the sales manager and the director of a competitor company were buddies. They came up with a simple fraud scheme: the sales manager was supposed to pass information about potential customers on to competitors for a certain amount of money. With the help of a DLP system, the information security analyst detected the employee starting to copy the customer base to an external hard disk. This became the basis for launching an investigation that prevented the incident.
Thanks to the DLP system, the company managed to avoid damage that would have been estimated at millions of dollars.
Case #3: Great Fraud Wall
One day, a retail company received a letter from its Chinese supplier. Foreign colleagues were requesting payment for purchased equipment. There was also a warning that the bank account details had changed and the money needed to be transferred to a new account. This aroused suspicion among the IS department specialists, and they initiated an investigation using DLP. It was discovered that an employee had received a message with the real account details but attempted to replace them with fake data. The employee was fired. The company successfully avoided financial losses.
The invoice from the Chinese supplier amounted to $370,000. Had the incident not been uncovered, the company would have lost that money and faced a serious misunderstanding with its foreign partner.
Case #4: The Calamoo-ty
A small organization that sells dairy products deployed a DLP system for testing. They set up a file containing the company’s budget, expenses, and revenue for search and tracking, with access restricted to top managers. Suddenly, one of the employees uploaded the document to her laptop and emailed it to a colleague. The investigation revealed that she had been accessing the commercial director’s computer during her spare time to view his files. The employee was dismissed, and her supervisor received a briefing on the importance of protecting confidential data from unauthorized access.
The leak of this file could have not only intensified competition with existing enterprises but also provided a basis for new competitors to enter the dairy market. The potential damage from such an incident was estimated to be approximately $850,000.
_________
As can be seen from the cases, Data Loss Prevention systems play an important role in protection against internal threats. This was also highlighted by Saeed Al-Shebli, Deputy Director of Digital Security at the Ministry of Interior of the UAE, in his latest column. He pointed out that DLP solutions enhance security by preventing users from copying, transferring, or leaking data.