• Home » Industries » Protect against cyber threats in retail and hospitality

    Protect against cyber threats in retail and hospitality

    Prevent account takeovers, secure shared devices, and protect sensitive data across your supply chain

    Strong security while enhancing customer experience 

    The high availability of sensitive data makes retail and hospitality organizations a lucrative target for cyberattacks. In order to protect against cyberattacks strong multi-factor authentication (MFA) is needed, however not all forms are created equal in terms of security nor in the user experience they provide–which is critical for these industries that are consumer and customer-facing. The YubiKey provides phishing-resistant two-factor, multi-factor, and passwordless authentication, helping retail and hospitality organizations stop phishing attacks, ransomware, and account takeovers, all while protecting sensitive customer and financial data, and driving regulatory compliance.

    Protecting against modern cyber threats in retail and hospitality

    Learn how modernizing authentication can secure shared devices, protect sensitive data, and prevent account takeovers while enhancing customer experience.

    retail and hospitality wp

    Customer Spotlight:

    Hyatt Hotels is going passwordless

    Modern phishing-resistant MFA eliminates authentication fatigue for colleagues, while also creating improved guest experiences. YubiKeys work seamlessly with Hyatt’s existing Microsoft’s environment creating elevated security for employees and guest data.

    “We are taking great strides in protecting the safety of our guests and colleagues by requiring phishing-resistant MFA methods for all applications that can expose both PII and Card Holder data. We also believe that having Guest Services colleagues looking down at their phone to complete an MFA response or approval does not portray the message we want, to someone walking past the front desk. It  lends itself to the perception the colleague is engaged in their cell phone for social media or other personal activity. 

    Using a YubiKey not only provides a more seamless experience for the colleague while keeping our data safe, but also allows those colleagues to keep their cell phones stored away while performing guest-facing roles.”
    Art ChernobrovHyatt Hotels Corporation,
    Director of Identity, Access, and Endpoints

    checking in at hotel
    Secure access to critical systems, applications and data for in-person, hybrid or remote employees 

    With critical systems and payment card information (PCI) and employee and customer Personal Identifiable Information (PII) located across on-premises and the cloud, you need a simple yet effective way to ensure your applications, data, and critical systems are protected against unauthorized access. Whether it’s office workers, remote employees, contractors, or privileged users such as IT admins, strong authentication is the need of the hour, especially given a sharp increase in cybercrime.

    YubiKeys offer highest-assurance MFA and ensure that only authorized users have access to PII data and critical systems, such as O365. YubiKeys integrate seamlessly with existing IAM solutions such as Microsoft, Okta, Duo, and Ping, and provide secure authentication for hundreds of applications and services eliminating any rip or replace of existing solutions and sets you up well to eventually move to passwordless authentication—authentication that does not require the user to provide a password at login at all.

    Modernize security for POS terminals, shared workstations/devices, and RFID readers 

    Securing point-of-sale (POS) terminals, shared workstations/devices, and RFID readers with legacy username and password authentication puts you at risk of a cyber breach. Passwords also don’t offer the best user experience, and they increase IT help desk costs related to password resets.

    With the YubiKey you can secure access to POS terminals, shared workstations/devices, and RFID readers with highest-assurance MFA and passwordless authentication, and deliver a convenient user experience—even for remote access. YubiKeys are also easily re-programmed, making them suitable for seasonal and temporary workers, and they ensure self-service password resets, drastically reducing IT help desk costs.

    Drive compliance to industry regulations and authentication standards 

    Securing sensitive data and strengthening cybersecurity across retail and hospitality has never been more critical. Industry Regulations such as The Payment Card Industry Data Security Standard (PCI DSS) v4.0 requires the use of strong MFA for all accounts that have access to cardholder data. Further retailers and hoteliers should pay attention to Requirement 12 of PCI DSS v4.0 which details the need for an information security policy and programs. Strong customer authentication is also a key provision of the Payment Services Directive (PSD) 2, a process that seeks to make online payments more secure by reducing fraud.

    YubiKeys enable strong verification of users keeping organizations compliant with existing and emerging regulations such as PCI DSS, EU Payment Services Directive 2 (PSD2), GDPR, and more. YubiKeys are also FIDO2/WebAuthn compliant streamlining workflows and increasing productivity.

    To learn more, read the ebook Securing your critical assets in an ever changing regulatory environment.

    Protect your entire supply chain and eliminate vulnerability gaps

    Global business and inventory supply chain networks can result in expansive attack surfaces. If even a single point in your supply chain is weak or unsecured, it can have devastating consequences.  Mandating strong MFA from your vendors minimizes your cyber risk, liability, and damage to your brand reputation.

    The YubiKey offers secure, convenient, and scalable security making it easy for you and your supply chain vendors to deploy strong authentication. With YubiEnterprise Delivery from Yubico, it’s easy for your supply chain to get security keys directly into the hands of their users. Authentication of users is vital along the supply chain, but so is authentication between systems and machines, which is provided by the world’s smallest hardware security module (HSM), the YubiHSM 2.

    Provide strong security for customer accounts and loyalty programs

    Most online customer accounts and loyalty programs today still use legacy username and password based authentication which doesn’t keep your customers safe against phishing attacks and account takeovers.

    Drive competitive differentiation by showing your customers you care about the safety and privacy of their sensitive information. By offering strong 2FA or MFA using hardware security keys for your customers’ online and mobile accounts, your customers get peace of mind that their accounts are protected against account takeovers.

    YubiKeys as a Service enable faster and wider rollouts of modern MFA in 2023

    Watch this webinar to learn about how to procure YubiKeys as a Service with the new and expanded YubiEnterprise Subscription offering for greater business agility and predictability.

    Case in point:

    Retail Control Systems (RCS) chooses YubiKey


    • RCS sought a robust, convenient, and manageable MFA solution for use internally, and integrated with RCS software portfolio to protect their customer’s access to sensitive data
    • Needed PCI DSS compliant authentication, while ensuring no bottlenecks for their desired customer experience

    The YubiKey Solution

    • YubiKeys coupled with Cisco’s Duo Security provided an easily understood, implemented, and managed solution for RCS and their client’s growth and needs.
    • With the YubiKey, RCS is able to offer their clients a PCI DSS compliant environment


    • Convenient and secure MFA managed across 2500+ identities, and powering over 11,000 authentications every day
    • Low support costs due to simplicity of the platform
    “Whether it’s an attack on your online store or your credit card processing system, a data breach could leave you with massive tech bills and thousands of frustrated customers.”

    Risk reduction, business growth, and efficiency enabled by YubiKeys

    A recent Forrester Consulting Total Economic Impact™ (TEI) study commissioned by Yubico found that a composite organization representative of interviewed customers who use YubiKeys reduced risk of successful phishing and credential theft attacks by 99.9%, saw a drop in password-related helpdesk tickets by 75%, and experienced a 203% 3-year ROI with YubiKeys.

    BUT…. all organizations are different. Enter your own company data to create a custom Dynamic TEI study and instantly see how Yubico’s solutions can help your organization!

    TEI Forrester report

    YubiEnterprise Subscription: peace of mind and flexibility for less than a cup of coffee per user/month

    YubiEnterprise Subscription simplifies purchase and support while also providing financial benefits. Estimate your potential savings as compared to one-time perpetual purchasing model

    array of logos

    Get started

    YubiKey 5 series
    Find the right YubiKey

    Contact our sales team for a personalized assessment of your company’s needs.

    YubiKey in an ice cream cone
    Get protected today

    Browse our online store today and buy the right YubiKey for you.