Specialty retail stores not safe from POS attacks
While data breaches at big-name retailers often enter the public sphere, intrusions at specialty stores often go unnoticed.
It's easy to assume that cybercriminals ignore medium-sized merchants, but they're far less picky than people would think. Why target the perceived "small fries" of the retail industry? Because hackers are interested in credit and debit card data, no matter where it resides.
Backoff's effect on merchandising
Small Business Computing noted the prevalence of the Backoff malware, which peruses environments for credit card numbers and matches them with security keys. Once the data has been matched, it's delivered to the hacker who planted the worm in the first place, allowing them to either sell the information or use it for their own purposes.
"For every one that we hear about, there are hundreds of small businesses affected," said Andrew Bagrin, in reference to his cloud-based data security firm My Digital Shield, as quoted by the source. "I have a feeling that it's just the beginning."
Slow to get back up (if at all)
When a small or mid-sized retailer is hit by a malware attack, it can't recover in the way larger merchants can. While big box enterprises still sustain setbacks when cybercriminals infiltrate their databases, they can utilize a large amount of available resources to mitigate and resolve such issues.
On the other hand, smaller operations may have to close up shop. Bagrin noted findings from the National Cyber Security Alliance, which asserted 60 percent of small businesses that encounter attacks shut down within six months after such an event occurs.
Why tokenization is the way to go
It's easy for people to mistake encryption and tokenization for the same technology. ITWorldCanada contributor Michael Ball identified the differences between the two. The former security protocol involves encoding sensitive data at rest and in transit, while copies of encrypted information reside in other environments. In addition, encrypted data is actually intended to be decrypted (by authorized parties, of course).
In contrast, tokenization removes these loopholes by replacing existing information with a "unique placeholder" that is randomly generated. This replaces valid credit card numbers with fake ones, though the fake numbers must still get through a validation algorithm. Essentially, tokenization renders hacking attempts useless, because the original data no longer exists. In addition, it's difficult – if not impossible – for a skilled cybercriminal to reverse engineer the token.
While encryption is a common security measure, implementing tokenization is a best practice every retailer should employ.