POS Security Priorities

Catering to a high-profile customer base may be profitable, but it also forces Toronto-based Holt Renfrew to ensure that it secures all customer data collected and processed at point-of-sale. Two initiatives—one new and one old—are helping the high-end department store chain to uphold this promise.

Holt Renfrew is a 10-location, privately held department store chain that markets merchandise from many prestigious brands and designers. This assortment, and Holt Renfrew’s concierge and personal-shopping services, make the chain a top choice among an elite shopping base.

That’s why Holt Renfrew leaves nothing to chance when collecting customer information at POS. To securely manage the transmission of this data across its enterprise, it uses a virtual private network (VPN), a private data network that uses a public telecommunication infrastructure, such as the Internet. The chain maintains data privacy by using a tunneling protocol and security procedures.

Holt Renfrew doesn’t rely solely on this security tactic however, especially as more chains become targets of data breaches.

“We already operate in a secure landscape when it comes to processing sensitive customer credit-card information,” said Anne Hodkin, the chain’s director of IT. “Besides encrypting data as it moves across our network, we don’t store credit-card information, such as expiration dates or tracking information. This makes it difficult for hackers to recreate card data.”

The chain is also currently transitioning its operations to comply with the PCI (payment card industry) standard, network security guidelines regulated by an industry group comprised of companies including MasterCard, Visa, American Express and Discover Card.

“We are currently testing our encryption efforts and plan to be compliant by the end of June,” she added.

Pinpointing security: On a daily basis, Holt Renfrew handles other sensitive customer information, including shopper profiles. During the checkout process, this data is transmitted to a database where it is stored for analysis by personal shoppers and marketers. Thus, the retailer knew basic employee authorization methods were not enough to protect this sensitive data from store-level tampering.

By transitioning to a biometrics-based system from Digital Persona, Redwood City, Calif., Holt Renfrew gained a new way to identify associates.

Holt Renfrew is using fingerprint authentication to create a user-unique audit trail that monitors employee access to POS terminals.

Within two weeks, the chain seamlessly integrated Digital Persona’s Software Development Kit (SDK) within the chain’s Tradewind POS software from Datavantage Corp., Cleveland. Digital Persona’s fingerprint readers were integrated with the chain’s POS hardware.

As employees register, they are prompted to place their thumb on the fingerprint scanner. Within seconds the print’s data points are digitized and stored in a dedicated database.

At the start of their shift, registered employees scan their thumb on their POS unit’s print scanner. Once the software’s algorithms detect and authorize the associates’ identity, they are granted access to the POS network.

Holt Renfrew initiated the biometrics-based system approximately three years ago. Besides identifying associates as they log into the network, the system enables the retailer to securely audit employee transactions. The system also ensures that tokens such as keys, cards or passwords can no longer be shared among associates.

Today, the chain supports 500 fingerprint scanners at store-level. The solution is not being used at headquarters.

Biometrics could provide another level of security for the chain as the company explores the potential of a wireless telecommunications network.

“As we explore the idea of a wireless network, we might consider biometrics for PC authentication of remote associates,” Hodkin explained. “While this is not in the works, it could be a viable solution down the road.”