Security for Omnichannel Retail: containing the attack that goes from the physical store to e-commerce

Physical stores, e-commerce, apps and logistics form a single attack surface. See how Decripte contains ransomware lateral movement and structures segmentation, Zero Trust and unified monitoring — with a 24x7 SOC and a containment SLA of less than or equal to 1 hour.

Direct answer

To protect omnichannel retail, you must treat physical stores, e-commerce, apps and logistics as a single interconnected attack surface — not as isolated systems. In practice this means: segmenting the network so that a compromised POS cannot reach the data center or e-commerce, applying Zero Trust to all integrations (ERP, payment gateways, WMS), monitoring POS, in-store IoT and cloud in a unified 24x7 SOC with cross-channel correlation, maintaining a continuous vulnerability management program over the heterogeneous terminal fleet, and having an Incident Response plan with a containment SLA of less than or equal to 1 hour prepared specifically to contain lateral movement between channels. Decripte structures exactly this architecture: zone-based segmentation, unified telemetry, pentest of the seams between online and offline, and fast containment when ransomware tries to jump from a store to the heart of the operation.

24/7

SOC monitoring POS, IoT and cloud

<=1h

Incident containment SLA

PCI-DSS

Mandatory for those who process cards

LGPD

Customer data across all channels

In summary

  • In omnichannel retail, physical stores, e-commerce, apps and logistics share data and integrations — a single compromised POS can become the entry point to e-commerce and the ERP.
  • Modern ransomware rarely encrypts on the first machine: it moves laterally for days before detonating. Containing the lateral movement is more decisive than cleaning up the initial machine.
  • Network segmentation and Zero Trust on integrations are what prevent a store incident from becoming a company-wide, whole-chain incident.
  • PCI-DSS governs whoever captures cards (POS, e-commerce, app) and the LGPD governs all personal customer data regardless of channel — both require documented monitoring and incident response.
  • A unified SOC that correlates events from POS, IoT, cloud and ERP detects the attack in the reconnaissance phase, not the extortion phase.
  • Decripte combines a 24x7 SOC, Pentest of the seams between channels, Vulnerability Management of the heterogeneous fleet and Incident Response with containment less than or equal to 1h.
Varejo e E-commerce

Cibersegurança para Omnichannel Physical Retail

Physical stores, e-commerce, apps and logistics form a single attack surface. See how Decripte contains ransomware lateral movement and structures segmentation, Zero Trust and unified monitoring — with a 24x7 SOC and a containment SLA of less than or equal to 1 hour.

Why omnichannel retail is a single (and dangerous) attack surface

Retail has ceased to be a set of separate channels. The customer buys on the app, picks up in the store, exchanges through e-commerce, is served on WhatsApp and has the order delivered by the carrier — all tied together by the same registration, the same loyalty program and the same ERP. This integration, which is the heart of the omnichannel experience, is exactly what creates the hardest attack surface to defend in the sector: heterogeneous, distributed and full of seams where systems of different generations must trust one another.

At the physical edge, each store is a small exposed data center. There are POS terminals running systems that often go years without updates, connected readers and scales, IP cameras, air-conditioning and refrigeration controllers, electronic shelf labels, self-checkout kiosks and remotely managed routers. Much of this fleet is IoT with old firmware, a default password and no ability to receive a security agent. Multiply that by dozens or hundreds of stores and you have thousands of devices the central team rarely sees in real time.

At the digital core, e-commerce, the app, payment gateways, the CRM, the loyalty system and the ERP concentrate personal and financial data of millions of customers. And between the physical edge and the digital core there are integrations: the POS talks to central inventory, e-commerce checks store availability, the WMS coordinates logistics, the ERP stitches everything together. Each of these integrations is a route an attacker can travel — almost always in the direction no one expected: from the simplest store to the most critical system.

The structural risk of omnichannel

The integration that delivers convenience to the customer also delivers paths to the attacker. When physical stores, e-commerce, app and ERP share a network, credentials or implicit trust, the compromise of any weak point — a forgotten POS, a camera with a default password — becomes potential access to the whole.

The result is a classic mismatch: security investment tends to concentrate on e-commerce, because that is where traffic and revenue show up on the dashboards. But the modern attacker enters through the cheapest door. A physical store with a misconfigured VPN, a back-office terminal with exposed RDP or a compromised IoT device cost little to invade and offer a direct springboard into the corporate network. The defense must see omnichannel the way the attacker sees it: a single mesh, defended by its weakest link.

The five threats that most affect omnichannel retail

1. Ransomware with lateral movement

It is the threat that most brings down retail operations worldwide. The modern attack does not encrypt the first machine it infects. The operator enters through a store, a phishing message or a leaked credential, performs network reconnaissance for hours or days, escalates privileges, maps domain controllers and backups, moves laterally to the operation's core and only then detonates the encryption — preferably on a peak date, such as Black Friday or Christmas, to maximize the extortion pressure. In retail, encrypting the ERP or the central POS system can paralyze physical stores and e-commerce at the same time.

2. POS and in-store IoT compromise

Point-of-sale terminals are a historic target because they touch card data and sit in physically accessible environments. POS malware that scrapes track data from memory (RAM scraping), physical and digital skimmers, and implants in outdated terminals remain active. In-store IoT — cameras, controllers, kiosks — is even more neglected: devices with old firmware and factory passwords become persistent footholds that survive cleanups because no one inventories them.

3. Omnichannel data leakage + 4. Integrated fraud + 5. ERP attacks

The unified customer registration is the most valuable and most dangerous asset: it cross-references physical purchases, online history, loyalty, addresses and payment methods, concentrating exposure under the LGPD — leaks occur through a poorly protected app API, an exposed cloud bucket or exfiltration via double-extortion ransomware. Integrated online-offline fraud crosses channels (online purchase with in-store pickup using a fraudulent card, exchange abuse, account takeover) and is often a symptom of credential or API compromise. And the ERP — the retail nervous system (inventory, finance, tax, prices) — is the preferred destination of lateral movement: service credentials with excessive privilege and legacy connectors without strong authentication turn the ERP into the path of least resistance. Compromising the ERP is compromising the entire operation.

Typical blind spots in omnichannel retail

  • POS and IoT fleet without an up-to-date inventory or central visibility
  • Stores on a flat network, without segmentation from the corporate core
  • ERP integration service credentials with excessive privilege and no rotation
  • Remote access from suppliers and support (RDP/VPN) without MFA and without an audit trail
  • Backups accessible from the same network that will be encrypted
  • POS, IoT and cloud logs that never reach a unified SOC
Gestão de Ameaças · Grátis

Is omnichannel physical retail data already exposed or up for sale? Find out now — for free.

Sem cartão, sem compromisso. Descubra em minutos o que já vazou da sua empresa e qual é o seu risco real.

Anatomy of the attack that spreads from a store to e-commerce

It is worth understanding the mechanism, because it is what defines the defense. A typical omnichannel compromise does not begin in e-commerce — it begins where investment is lowest. The attacker seeks the link of least resistance, and in retail that link is usually a physical store or a supplier with remote access.

The entry point can be a back-office terminal with RDP exposed to the internet, a store-manager credential leaked in another service and reused, phishing aimed at the store's administrative team, or an IoT device with a default password. From that point, the attacker performs reconnaissance: lists machines, identifies domain controllers, looks for network shares and, crucially, discovers that the store is on the same logical mesh as the corporate core.

The jump that must be prevented

The decisive moment is not the initial infection — it is the jump from the store zone to the corporate zone. If the network is flat, this jump is trivial and the attacker reaches the ERP, e-commerce and backups. If there is real segmentation and Zero Trust on the integrations, the jump fails or generates detectable noise, and the incident stays contained in the store.

With lateral access, the attacker escalates privileges — abusing integration service credentials, reused administrative accounts or configuration flaws in Active Directory. They go for the backups first, to neutralize them and secure extortion power. Then they exfiltrate data from the unified customer registration (double extortion under the LGPD) and, finally, position the ransomware payload across all critical systems for simultaneous detonation.

When encryption happens, the damage is already omnichannel: store POS freezes, e-commerce goes down because the ERP that feeds inventory and pricing was encrypted, and the attacker still has a copy of the customer data for blackmail. The attack that began in a single cheap store paralyzed the entire company. That is why, in omnichannel retail, containing lateral movement matters more than cleaning up the initial machine.

Dwell time

Ransomware operators tend to stay on the network for days before detonating. This window is the defense's opportunity: a SOC that detects reconnaissance, escalation and lateral movement interrupts the attack before encryption. Late detection turns a containable incident into a business-continuity crisis.

Anonymized case: containing a ransomware that jumped from the store to the core

The scenario below is real and anonymized. It does not identify the client and serves to show, step by step, how Decripte acts in a typical omnichannel-retail incident. The details reflect real attack patterns and Decripte's response method, but the company and the data are fictional.

Imagine a retail chain with 80 physical stores, its own e-commerce, an app with a loyalty program and logistics integrated by a WMS, all orchestrated by a central ERP. The full reading of the anatomy, from detection to outcome, is in the case-study timeline further down this page.

What this case illustrates

  • The attack enters through the cheapest link (physical store), not through e-commerce
  • The flat network allows the jump from the store to the core — this is the structural error
  • The unified SOC detects in the reconnaissance phase, before encryption
  • Containment isolates the compromised zone in less than 1 hour
  • Eradication only ends after hunting persistence in POS and IoT
  • The rebuild prioritizes intact backups and corrected segmentation
  • The lessons become architecture: segmentation, Zero Trust and continuous monitoring

The central point of the case is that the difference between a scare and a Black Friday shutdown is not luck, but architecture: segmentation that prevents the jump, telemetry that sees POS and IoT, and a response team with a containment SLA of less than or equal to 1 hour.

How Decripte responds to an incident in omnichannel retail

Incident response in retail has a constraint other sectors do not have: you cannot simply turn everything off. Every minute of a store being down and e-commerce being offline is lost revenue and an unhappy customer. Decripte works with surgical containment — isolating what is compromised without bringing down what is healthy — and with a containment SLA of less than or equal to 1 hour from activation.

Response principle in retail

Contain first what is moving, not what is visible. The priority is to interrupt lateral movement between channels before any cleanup, because it is the propagation — and not the initial machine — that turns a store incident into an omnichannel shutdown.

Eradication in retail requires special rigor with the heterogeneous fleet: it is not enough to clean servers, you must hunt persistence in POS terminals and IoT devices that rarely make it into inventories. And recovery prioritizes restoring the operation in the order that minimizes revenue loss, always validating that the backups are intact and free of the attacker before reconnecting them. The full detail of the steps is in the structured-response section of this page.

Gestão de Ameaças · Grátis

What would an incident in omnichannel physical retail cost? See your real risk before it happens.

Sem cartão, sem compromisso. Descubra em minutos o que já vazou da sua empresa e qual é o seu risco real.

How Decripte structures omnichannel retail security

Responding to incidents is necessary, but the goal is for them to stop escalating. Decripte structures omnichannel retail security on pillars that directly attack the cross-channel propagation mechanism: segmentation, Zero Trust, unified monitoring and continuous hardening of the fleet. The idea is simple to state and hard to execute without method: make it so the compromise of any weak point does not translate into the compromise of the whole.

What changes when the architecture is right

  • A compromised POS stays contained in the store zone and does not reach the ERP
  • ERP/e-commerce integrations authenticate and authorize every call (Zero Trust)
  • POS, IoT, cloud and ERP send telemetry to a single SOC that correlates
  • Vulnerabilities in the heterogeneous fleet enter a continuous remediation cycle
  • Backups are isolated from the production network and are tested periodically
  • Supplier and support accesses go through MFA and an auditable trail

The full pillars — zone-based segmentation, Zero Trust on integrations, a unified SOC, continuous vulnerability management and a rehearsed response plan — are detailed in the structuring section of this page. Each of them was chosen to neutralize a specific stage of the omnichannel attack described above.

Compliance: PCI-DSS, LGPD and what retail must demonstrate

Omnichannel retail lives under two main overlapping compliance regimes. Whoever captures, processes or stores card data — which includes POS, e-commerce and app — is subject to PCI-DSS, the card-industry standard that requires, among other things, segmentation of the cardholder data environment (CDE), access control, log monitoring and vulnerability management. The segmentation Decripte recommends for security also drastically reduces PCI-DSS scope, lowering the cost and complexity of compliance.

In parallel, the LGPD governs all personal customer data, in any channel. The unified omnichannel registration is, by definition, a large database of personal data under the General Data Protection Law, overseen by the ANPD. The LGPD requires technical and administrative security measures and, in the event of an incident with risk to data subjects, requires communication to the ANPD and to those affected within a reasonable timeframe. This makes Incident Response not only a technical matter, but a documentable legal obligation.

Compliance and security go hand in hand

Segmenting the network (a PCI-DSS requirement for the CDE) is the same measure that prevents ransomware lateral movement. Keeping centralized logs and incident response (an LGPD and PCI-DSS requirement) is the same capability that detects the attack early. Good operational security produces compliance as a byproduct — not the other way around.

Companies pursuing ISO 27001 or SOC 2 — common in retailers that sell to large accounts or operate marketplaces — find in the same pillars (access management, monitoring, vulnerability management, incident response) the basis of the required controls. Decripte structures security so that compliance is demonstrable, not improvised on the eve of the audit.

Where to start: diagnosis before hardening

No one defends what they cannot see. The first step in omnichannel retail is understanding the real attack surface: how many stores, which POS terminals and in what version, what the IoT inventory is, how the store networks connect to the core, which integrations the ERP exposes and how e-commerce and the app authenticate their APIs. This map almost never exists in full, and building it already reveals the most urgent risks.

Decripte offers a free Threat Management plan at decripte.com.br/intelligence-center, which lets you begin to see the operation's exposure with no commitment. From this initial diagnosis, structuring advances to Pentest of the seams between channels, Vulnerability Management of the fleet, a 24x7 SOC for continuous monitoring and an Incident Response plan ready to contain lateral movement.

Start with the free diagnosis

At decripte.com.br/intelligence-center you begin Threat Management at no cost and see your omnichannel exposure. To structure full security, decripte.io/start. To talk to a specialist about your scenario, /contato.

Retail cannot wait for the attack to discover it was on a flat network. The real choice is between investing in architecture and monitoring now, in a planned way, or paying the cost of an omnichannel shutdown in the middle of the sales season. Decripte helps you make the first choice.

From the physical store to e-commerce: anatomy of a contained ransomware (anonymized real-world example)

Real, de-identified example

Anonymized real-world example (client not identified). A retail chain with 80 physical stores, its own e-commerce, an app with a loyalty program and logistics integrated by a WMS, all orchestrated by a central ERP. The stores connect to the corporate core over a network with insufficient segmentation — in practice, nearly flat. Timing: the eve of a major sales season, when operational pressure is at its highest and any downtime is expensive. The attack begins where security investment is lowest: a physical store.

  1. Entry (Day 0)

    A store's back-office terminal, with exposed RDP remote access and a manager credential reused from a prior leak, is compromised. The attacker gains the first foothold on a device no one closely monitors. No alarm goes off in central operations — the store is treated as low-risk periphery.

  2. Reconnaissance and lateral movement (Days 0-2)

    The operator maps the network and discovers that the store is on the same logical mesh as the corporate core. They move laterally toward the data center, list domain controllers and identify ERP integration service credentials with excessive privilege. This is where Decripte's 24x7 SOC detects the pattern: anomalous internal scans, off-hours authentications and attempts to access sensitive shares from a store IP. The event is correlated across POS, network and ERP telemetry — something that per-channel monitoring in isolation would not see.

  3. Containment (<=1h from activation)

    With the Incident Response plan activated, Decripte executes surgical containment: it isolates the compromised store zone and the abused service accounts, blocks the exploited remote access and cuts the lateral route to the core — without bringing down the other 79 stores or e-commerce. Lateral movement is interrupted before the attacker reaches the backups or positions the ransomware payload. The jump from the store to the core is aborted.

  4. Eradication (Days 2-4)

    The team hunts persistence beyond the servers: POS terminals, store IoT devices and service accounts are inspected, because it is in these neglected points that implants survive superficial cleanups. Compromised credentials are rotated, the exposed RDP is eliminated and the privileges of the ERP integration accounts are reduced to the minimum necessary.

  5. Recovery (Days 4-6)

    The operation is restored in the order that minimizes revenue loss, validating that the backups are intact and free of the attacker before any reconnection. Stores return to POS, e-commerce is reconnected to the sanitized ERP and monitoring remains reinforced to detect return attempts. The sales season proceeds without a shutdown.

  6. Lessons and hardening (following weeks)

    The incident becomes architecture: the network is segmented into zones (store, corporate, payment CDE), Zero Trust is applied to the ERP/e-commerce integrations, backups are isolated from the production network, supplier accesses gain MFA and a trail, and POS and IoT telemetry now flows permanently to the SOC. A pentest validates that the store-to-core jump is no longer possible.

Outcome with Decripte

Because the lateral movement was detected in the reconnaissance phase and contained in less than 1 hour, the attack that entered through a single cheap store never got to encrypt the ERP or e-commerce, and no customer data was exfiltrated. What could have been an omnichannel shutdown in the middle of the sales season — with stores frozen, e-commerce offline, data leaked and extortion — ended as an incident contained in one zone. More importantly: the subsequent structuring (segmentation, Zero Trust, unified SOC and isolated backups) ensured the same vector does not work again. This is Decripte's method: contain fast, eradicate thoroughly and turn the incident into resilient architecture.

Resposta a Incidentes · 24/7

Don’t wait for the incident. Start hardening omnichannel physical retail today.

Comece pelo diagnóstico gratuito agora e veja em minutos o que já vazou. SOC 24x7 e contenção em até 1h nos planos pagos.

How Decripte responds to an incident in omnichannel retail

Decripte's response is designed for retail's central constraint: contain without paralyzing the healthy operation, interrupting lateral movement between channels with a containment SLA of less than or equal to 1 hour from activation.

  1. Activation and immediate triage: the 24x7 SOC classifies the severity, identifies the affected channels (store, e-commerce, app, ERP, logistics) and activates the Incident Response plan, establishing a single point of command.
  2. Surgical containment of lateral movement: isolate the compromised zones and accounts and cut the lateral routes to the core — prioritizing interrupting propagation before any cleanup, without bringing down healthy stores and channels.
  3. Evidence preservation and scoping: collect forensic artifacts from POS, servers, cloud and integration logs to understand the entry point, reach and whether personal data was exfiltrated (relevant to the LGPD obligation).
  4. Eradication across the heterogeneous fleet: hunt persistence not only on servers, but on POS terminals and store IoT devices, rotate compromised credentials and close the entry vector (exposed RDP, VPN without MFA, excessive integration privilege).
  5. Revenue-prioritized recovery: restore the operation in the order that minimizes financial loss, validating backup integrity and ensuring they are free of the attacker before reconnecting them to production.
  6. Assessment of regulatory obligations: support the decision on communication to the ANPD and to data subjects (LGPD) and on PCI-DSS notifications, with documentation that sustains the company's position.
  7. Reinforced post-incident monitoring: maintain intensive vigilance over attacker return attempts and residual compromise indicators in the days following recovery.
  8. Report and hardening plan: deliver the anatomy of the incident and convert the lessons into architecture — segmentation, Zero Trust, backup isolation and monitoring adjustments — so that the same vector does not work again.

How Decripte structures omnichannel retail security

The structuring directly attacks the cross-channel propagation mechanism. Each pillar neutralizes a specific stage of the attack that goes from the physical store to e-commerce, turning a vulnerable mesh into defensible, monitored zones.

Zone-based segmentation

Logically separate stores, the corporate environment, e-commerce and the cardholder data environment (CDE). A compromised store stays contained in its zone and does not reach the ERP or the backups. This segmentation is, at once, a PCI-DSS requirement for the CDE and the barrier that aborts ransomware lateral movement.

Zero Trust on integrations

Eliminate implicit trust between systems. Each call between POS, ERP, e-commerce, WMS and suppliers authenticates and authorizes explicitly, service credentials have minimum privilege and are rotated, and remote accesses require MFA and an auditable trail. The seams stop being free routes for the attacker.

Unified 24x7 SOC

Centralize telemetry from POS, in-store IoT, cloud, e-commerce and ERP in a single SOC that correlates events across channels. It is this correlation that detects reconnaissance and lateral movement within the attacker's dwell window — before encryption — instead of discovering the attack only when the extortion arrives.

Continuous vulnerability management

Maintain a permanent cycle of discovery, prioritization and remediation over the heterogeneous fleet: outdated POS, IoT with old firmware, exposed integrations and the web applications of e-commerce and the app. Known vulnerabilities stop being open doors waiting for the attacker.

Pentest of the seams

Adversarially test exactly where online meets offline: the store-to-core route, the app and e-commerce APIs, the ERP integrations and supplier accesses. The pentest validates that the store-to-core jump is not possible and exposes configuration flaws before a real attacker finds them.

Rehearsed Incident Response

Maintain a retail-specific IR plan, with defined roles, a containment SLA of less than or equal to 1 hour, tested backup isolation and playbooks to contain lateral movement without paralyzing healthy channels. A rehearsed plan is the difference between a contained incident and a continuity crisis.

Recommended plans for Omnichannel Physical Retail

Frequently asked questions

Why does the attacker enter through the physical store and not through e-commerce?

Because security investment tends to concentrate on e-commerce, which is where traffic and revenue show up. The attacker seeks the link of least resistance: a store terminal with exposed RDP, a reused manager credential or an IoT device with a default password cost little to invade and, on a flat network, give access to the entire core. The cheap store becomes the springboard to e-commerce and the ERP.

What is lateral movement and why is it so decisive in retail?

Lateral movement is the attacker's displacement from an initially compromised machine toward more critical systems, escalating privileges along the way. In omnichannel retail it is decisive because it is what turns the compromise of one store into the paralysis of the entire company. Containing lateral movement matters more than cleaning up the initial machine — it is the jump between zones that must be prevented.

Will segmenting the network disrupt the integrated omnichannel operation?

No, when done well. Segmentation does not mean isolating channels to the point of breaking the integration; it means controlling and explicitly authenticating what passes between the zones (Zero Trust). Stores, e-commerce and ERP keep talking to one another, but each call is authorized and anomalous traffic is blocked. The business integration remains; it is the attacker's free route that disappears. As a bonus, segmentation reduces PCI-DSS scope.

How do you protect POS terminals and IoT devices that cannot receive a security agent?

With a combination of compensating controls: segment these devices into their own zones, monitor their network traffic in the SOC, eliminate default passwords, keep an up-to-date inventory, restrict what they can access and prioritize firmware updates via vulnerability management. Even without an agent on the device, network telemetry and segmentation contain what a compromised IoT device can do.

What compliance obligations must omnichannel retail meet?

Mainly two that overlap: PCI-DSS, for those who capture or process card data (POS, e-commerce, app), which requires CDE segmentation, access control and monitoring; and the LGPD, overseen by the ANPD, which governs all personal customer data in any channel and requires security measures and communication of incidents with risk to data subjects. Retailers that sell to large accounts also frequently pursue ISO 27001 or SOC 2.

What happens if we suffer a leak of customer data?

Under the LGPD, an incident with relevant risk to data subjects requires communication to the ANPD and to those affected within a reasonable timeframe. That is why Incident Response is not only technical: Decripte preserves evidence to determine whether exfiltration occurred, sizes the impact and supports the decision on notifications, with documentation that sustains the company's position. Detecting and containing early is also the best way to avoid the obligation to notify a completed leak.

How long does Decripte take to contain an incident?

The containment SLA is less than or equal to 1 hour from activation. In retail, containment is surgical: isolate the compromised zone and accounts and cut lateral movement without bringing down healthy stores and e-commerce. Speed is what separates an incident contained in one zone from an omnichannel shutdown in the middle of the sales season.

Where do we start if we do not yet have a structured security program?

With the diagnosis. You can freely begin Threat Management at decripte.com.br/intelligence-center to see your exposure with no commitment. From there, Decripte structures security in stages — pentest of the seams, vulnerability management, a 24x7 SOC and a response plan. To contract, decripte.io/start; to talk to a specialist about your scenario, /contato.

Sector terms

Lateral movement
Technique in which the attacker, after compromising an initial point, moves through the network toward more critical systems, escalating privileges. In omnichannel retail it is the mechanism that turns the compromise of one store into the paralysis of the entire company.
Omnichannel
A retail model in which physical stores, e-commerce, app and logistics operate in an integrated way, sharing customer registration, inventory and ERP. The same integration that delivers convenience to the customer creates a single, interconnected attack surface.
POS (Point of Sale)
Terminals that capture sales in stores. A historic attack target because they touch card data and sit in physically accessible environments, often outdated and outside the central security inventory.
Zero Trust
An architecture principle that eliminates implicit trust between systems: each access and each integration call is authenticated and authorized explicitly, with minimum privilege. In omnichannel, it prevents the seams between channels from becoming free routes for the attacker.
PCI-DSS
The payment-card industry's security standard, mandatory for those who capture, process or store card data. It requires, among other controls, segmentation of the cardholder data environment (CDE), access control, log monitoring and vulnerability management.
Double extortion
A ransomware tactic in which the attacker exfiltrates the data before encrypting it, adding leak blackmail to unavailability blackmail. In retail, it targets the unified customer registration, with direct implications under the LGPD.

Decripte protects and responds to incidents in omnichannel physical retail.

Pentest, 24x7 SOC, incident response with a 1-hour containment SLA and compliance — without building an internal team. Or start free by seeing what has already leaked from your company.