
Security Threats, Hackers And PCI, Oh My!

12/1/2007

The issues confronting retailing regarding new security regulations are daunting, to say the least, and could almost be considered oppressive. However, retailers have no option but to make the most of the myriad challenges facing them in these areas and turn challenges into wins. It is no easy task.

With regard to PCI (Payment Card Industry), Anne Marie Meyer, program manager, DSW Shoe Warehouse, got her call to take on the job of clearing up any compliance issues one day after a company breach. It was not an easy assignment.

As she noted during the Technology & Operations Store Summit (TOPSS) in Las Vegas in October, “The right decisions for the business and for security are not always the same—in the short run.” In the long run, though, having the processes and systems in place to make sure you know what customer information you have, where you have it and how many times it is replicated represents a key potential business benefit, as well as a mandate.

TOPSS is produced by Chain Store Age and Retail Technology Quarterly.

The questions retailers need to ask point to some major tasks: What personal and potentially PCI-relevant information do I have about my customers, and where do I have that information? Is it stored in one or in 100 different applications? Are there paper receipts stored in boxes in backrooms or warehouses that no one even knows about or remembers, yet that may contain critical information about consumers’ personal identification, including credit-card and Social Security numbers?

To address these tough questions, every retailer must create a strategy that encompasses the entire company. Meyer also made suggestions such as “starting a share group in your (geographic) area to learn together and help avoid mistakes. You may be competitors in the stores, but this is an area that can benefit everyone.”

Keeping Up With Legal Requirements

Benita Kahn, an attorney at law firm Vorys, Sater, Seymour and Pease LLP, discussed the latest laws and statutes facing the retail industry during the session “Legal Requirements on Retailers: How to Keep Up!”

Companies must comply with an abundance of legal requirements throughout the space, and to avoid potential liability, it’s important for retailers to stay on top of the game.

Kahn brought attendees up to speed on the latest laws enacted to address identity theft. Kahn also detailed compliance considerations for an array of marketing platforms, including new media (such as Facebook, MySpace and mobile marketing).

For more information on potential liability and what retailers should avoid, visit www.csatopss.com to download the presentation.

As difficult and frustrating as adhering to PCI requirements is, ensuring overall security against hackers and other major customer-information security threats is an even greater challenge, noted Eddie Schwartz, chief security officer for NetWitness. The task, he warned, represents a moving target, with hackers and thieves always developing new methods of attack. Yet retailers must have sensible, smart and dynamic policies and practices in place to keep from becoming an identity-theft victim.

One intriguing area he cited in particular had to do with encryption technology, which most retailers might think is the answer to solving PCI and other information security threats. “Believe it or not,” Schwartz said, “hackers love encryption and they use it extensively.”

Schwartz noted that encryption actually makes it more difficult for retailers to precisely and transparently monitor their own networks—not a good environment for protecting data and detecting break-ins, he warned.

Another increasingly common use of technology that he said represented a literal gold mine of opportunity for hackers to exploit is the use of Skype for Internet telephone calls. While it may come as a disappointment to the growing number of retailers and others using the technology to talk free across the globe, Schwartz said anyone who uses Skype is opening a Pandora’s Box for hackers to exploit their network and steal data.

He also noted that “Designer Malware”—software programs such as viruses that are created to hack into your network specifically—is not only on the rise but here to stay. “Hacking is lucrative, safe and not difficult [to accomplish], if you are not doing your job,” he told the roomful of retail and vendor attendees.
