Bookshops are hackers’ latest targets so it’s time to step up your security

12 December 2022

The criminal underworld has a new target – small e-commerce bookstores. With less robust IT security than their bigger rivals, many bookshops are leaving themselves open to hackers, making it easy for cyber criminals to steal customers’ card details and leaving vendors liable for costs so large that some go out of business.

This awful scenario doesn’t need to happen to your business, because there are many easy, cost-effective ways to defend your systems and prevent attacks. How do we know? Because IntaForensics is one of only 21 payment investigation companies in the world.

Damian Walton, Managing Director at IntaForensics, and Holly Jackson, Principal Cyber Security Consultant, explore why bookstore owners are being targeted by hackers and how you can protect your business from significant damage.


What is a payment card hacking attack?

A subset of cyber-attacks, payment card hacking attacks are carried out by criminals who target companies that take card payments. One of the bigger attacks was carried out on British Airways in 2018. The company’s systems were hacked, and criminals stole 380,000 customer card details, thought to be worth £20m when sold on the dark web. Clearly, this can be a lucrative business. But are cyber gangs interested in targeting smaller firms?


Why small bookstore owners shouldn’t expect to go under the radar

“Despite news reports focusing on major payment card hacking attacks, the vast majority are on small companies,” explains Holly. “Independent stores or online businesses often think they’re too small to be hacked.”

But with fewer resources to invest in cyber security, smaller companies are actually more at risk from criminal activity. And, although card payment attacks have happened for a long time, the problem has escalated since the pandemic. With businesses pivoting rapidly to an e-commerce model and asking people to work from home, many failed to put effective security measures in place, creating system vulnerabilities that can be costly to businesses and their customers.


How does a card payment hacking attack impact a business?

When a book merchant is hacked, the owner often feels they’re a victim of crime. Unfortunately, the law, their customers and the card companies don’t see it that way as they hold owners responsible for allowing their business to be attacked.

When customers’ card details are breached, banks must take action to meet the regulations of major card brands, like Visa and Mastercard. These card companies tell the vendor they must undertake and pay for a forensic investigation with a licensed investigation company. The aim is to investigate the attack, mitigate any damage and try to prevent future attacks.

The fallout from these investigations can be severe as:

  1. The bookshop owner must follow through on the investigations’ recommendations – like improving security measures to contain the current attack and prevent further attacks.
  2. Larger breaches may incur fines – these can be from the card providers involved and the Information Commissioner’s Office, which can issue fines under the General Data Protection Regulation.
  3. The shop can also incur significant reputational damage – particularly in the age of social media when news about attacks often spreads rapidly.

“Unfortunately, for a lot of smaller vendors, the cost is too much, and they go out of business,” says Damian.

“The good news is there’s a lot bookshop owners can do to protect themselves.”


Your payment card protection checklist

When the press reports a major attack, they invariably say it was sophisticated. But this is rarely the case. The reality is many card hacking attacks happen because basic security measures are not in place. These issues can be fixed easily by:

  1. Making sure your antivirus software is up to date – if you’ve ignored the last few update prompts, it’s time to take action.
  2. Making sure your e-commerce platform is updated – software like WordPress and Magento needs to be patched to reduce or remove vulnerabilities.
  3. Ensuring your passwords are sufficiently complex – and introducing multi-factor authentication to provide added security.
  4. Undertaking the government’s Cyber Essentials scheme – it only costs a few hundred pounds and is great value for money.

“We always recommend Cyber Essentials to small businesses,” says Damian. “Simply complete the assessment then follow the recommendations. Like the only house in the street with a burglar alarm, your business will automatically be better protected than the vast majority of companies out there.”


For more information about Cyber Essentials or to talk to one of the team, call us on 0247 77 17780 or email at
