Fighting retail fraud with fire

Read time: 3 mins  Added: 09/07/25

Retailers are a prime target for cyber criminals and fraudsters, but what steps can you take to reduce the risk of attacks and maintain business as usual?

Almost one-third (32%) of UK retailers identified cybersecurity breaches or attacks in the previous 12 months1.  While larger businesses are more likely to be targeted due to the significantly higher potential rewards, as a smaller retailer, you can’t afford to ignore the hidden risks.

For example, could your business cope financially if you lost out on a week’s trading because your systems were compromised? 

Here’s a quick overview of how your business and customers could be affected:

  • Malware is any intrusive software developed by cybercriminals to steal data and damage or destroy computers and computer systems2.
  • Phishing involves the sending of fraudulent communications that appear to come from a legitimate and reputable source, usually through emails and texts3.
  • Ransomware is a type of malicious software or malware. It encrypts a victim's data, after which the attacker demands a ransom4.

Retailers are an attractive target for fraudsters because they process a large number of card transactions daily. In 2025, retail ecommerce sales as a share of total retail sales in the UK are predicted to reach approximately 38%5.

Retailers can also fall victim to fake invoices – fraudsters posing as a supplier send the business an email with a false invoice, triggering the business to amend a genuine payment to redirect it to a fraudster. Suppliers may need to change their payment details from time to time, however if you receive an email asking you to update your payment details, it may be worth a phone call to a trusted person within the supplier business to confirm whether or not the request is genuine.

Fending off the card sharks

The impact of card fraud on small retailers doesn’t end immediately after an attack. Over 90% of customers spent less in the six months following a fraud incident6.

One of the main ways to increase your cybersecurity resilience is through secure online payment gateways and encryption. Lloyds Cardnet has solutions for taking secure online, over-the-phone and in-store contactless payments to provide peace of mind. However, knowing the full range of threats from unexpected sources is essential.

The need for being up-to-speed

Ensuring you and your staff can identify the tell-tale signs and escalate potential fraud cases quickly can save your business money.

It’s also vital to vet potential employees when recruiting, especially when hiring temporary or seasonal contract staff. For example, you may want to conduct criminal record and credit checks for specific roles. 

With cyberattacks becoming increasingly more sophisticated through AI and other technologies, you can’t rely solely on your staff for prevention. Utilising fraud detection software and transaction monitoring can be invaluable tools for your retail business.

IT issues outside your control

Even when you’ve taken all the measures you can, your business could still be vulnerable to third-party data breaches and financial fraud from suppliers and partners. For example, issues can stem from malware that no one knows is running in the background.

It’s also wise to review cyber insurance options to mitigate your financial risks. Even more important is fully understanding the coverage and limitations of insurance policies so you know what is and isn’t included. We can help with this through our relationship with Gallagher Insurance Brokers

Preventing the worst-case scenario

Here are seven steps to help prevent cyberattacks and reduce their impact: 

  1. Back up your data daily in the cloud so you don’t lose access to it.
  2. Review staff permissions to things such as downloading apps, and limit use of USB sticks from outside your organisation. 
  3. Change passwords regularly on devices such as in-store tablets and ensure the passwords are suitably complex. 
  4. Use two-factor authentication on staff email accounts so hackers can’t access them.
  5. Inform your customers as soon as possible that their details may have been hacked so they can take any necessary action. 
  6. Create a cybersecurity plan so your staff know what’s expected of them.
  7. Sign up to cybercrime alerts from ActionFraud.

You can learn more in the National Cyber Security Centre’s guide for small businesses

Lloyds business customers don’t have to tackle cyberattacks and fraud alone. There is support and guidance available to you should you become a victim of a cyberattack or fraud. 

You may also be interested in

Recruit and retain your dream retail team

Taking on and keeping the most suitable staff for your retail business: Six tips that could help you save time and money.
 

Find out more about recruitment and retention

Resilience in retail: Four ways to cut costs

With outgoings on the rise for many UK retailers, we explore four ways you can cut operating costs to navigate uncertain times more confidently. 

Explore cost cutting options

1 GOV.UK - Cyber security breaches survey 2025

Cisco - What is malware?

Cisco - What is phishing?

4 Cisco - What is ransomware?

Statista - E-commerce share of retail sales revenue in the United Kingdom (UK) from 2020 to 2025

Visa - Research reveals two in five UK SMBs have lost money to fraudsters