Secure Christmas

It’s critically important for retailers to secure point-of-sale, online and mobile systems over the Christmas period, according to Verizon.

As retailers gear up for the holiday shopping season, Verizon says security should be at the top of every retailer’s holiday checklist.

“We know from Verizon’s Data Breach Investigations Report that retailers are among the most vulnerable to cyber crime and theft,” said Scott Eason, vice president of retail and financial services for Verizon Enterprise Solutions.

“Taking stock of vulnerabilities and putting some simple practices in place will help retailers protect their customers and assets.”

Here is a list worth checking twice to bolster security for retailers’ operations and customers:

· Maintain current compliance with Payment Card Industry Data Security Standards (PCI-DSS)
Compliance with PCI-DSS requires continuous adherence. This means a daily log review, weekly file integrity monitoring, quarterly vulnerability scanning and annual penetration testing. To maintain continued compliance, designate an internal PCI ‘champion’ so that compliance becomes part of daily business activities during the holidays – and every day.

· Self-validate very carefully – or entrust it to a credible expert
Top-tier merchants, which process the highest volumes of cardholder transactions, are allowed to assess themselves against the PCI standards. But due to the numerous issues and conflicts of interest this can cause, Verizon recommends that an objective and credible third party validate the scope of the assessment or perform the testing.

· Only use third-party security vendors who are credible experts
Verizon’s Data Breach Investigations Report analysis shows that small businesses and franchises of large chains are most vulnerable to cybercrime. If a third-party vendor manages a retailer’s POS systems, the retailer should ask the vendor to confirm that PCI compliance measures are in place.

· Educate employees so that they can recognise security breaches and help keep security measures active
In addition to designating an internal PCI champion to ensure that the PCI security standards are being adhered to, employee education is critical for recognising telltale signs of a breach and for understanding that prevention measures are working.

· In the era of omni-channel retailing, ensure that online and mobility channels are secure
Protect public-facing Web assets, which are great for attracting customers but are also magnets for cyber thieves. Protect in-store mobile assets through mobile-device management that can authorise approved employee access to corporate information, encrypt data, protect against viruses, and remotely lock and wipe devices of critical corporate information.

· Frequently change administrative passwords on all point-of-sale systems
Hackers constantly scan the Internet for guessable passwords, so avoid using POS systems to browse the Internet.

· Implement a firewall or access control list on remote access and administration services
If hackers can’t reach a retailer’s system, they can’t easily steal from it.

“There will be many opportunities throughout the holiday season for mischievous hackers, thieves and other bad actors to breach retailers’ systems,” added Eason.

“For retailers, taking steps to ensure they’re protected will be essential to keeping cash registers ringing, Web transactions shipping and digital wallets pinging with confidence.”
