The combination of the Internet, advances in technology and the around-the-clock communication affords us the ability to order dinner with the swipe of a finger, reserve movie tickets instantaneously and purchase clothing within seconds. While useful and convenient, the power to instantly process payments via the Internet means retailers and merchants are at risk for numerous information security issues. Debit cards, credit cards and innovative methods of payment are exposing the retail sector to vulnerabilities that all market participants need to keep up with.
While the ability to access money and make purchases instantly is meant to simplify life, the online presence of highly sensitive data poses the potential for stolen money, fraud and identity theft, affecting both consumers and retailers alike. On a larger scale, the Payment Card Industry Data Security Standard (PCI DSS) enforces a set of requirements with which retailers and merchants must comply. While intended to increase security and protect businesses and customers, such compliance regulations can be overwhelming to maintain. In essence, information security cannot be compromised forcing retailers to be prepared to simultaneously manage risk and remain prepared for auditing.
Your customers have to be able to trust in your ability to defend their data.
Information security for the world of retail will require more demanding and complex regulations as threats and hacking methods evolve. Compliance efforts and security measures must also continue to grow and stay innovative. It’s no secret that in recent years, merchant credit card hacks and compromised retail information security have been topics of the news constantly.
Further, the consequences for a breach aren’t just related to auditing and finances, there is also the problem of irreversible damage to a retailer’s reputation. According to IBM, data breaches significantly impact consumer confidence. For instance, in the case of one major breach, the company experienced a 46 percent drop in profit the quarter following the breach.
Staying aware of today’s greatest security threats, and the potential security threats of tomorrow is key. Hackers become more advanced every day, developing various methods of misleading retailers using DDoS attacks and mimicking customer behavior. A number of vulnerabilities provide hackers with opportunities to infiltrate retailers’ systems, such as inadequate network security, weak passwords, poor system configurations, unpatched technology and leading end users to websites or files infected with malware. Another security concern on the horizon is the continuance of attacks on retailers’ point-of-sale systems. The good news is, the inception of EMV (Europay, MasterCard and Visa), a new global standard for debit and credit cards equipped with computer chips and technology for authenticating chip-card transactions, is on the verge of deployment for retailers around the world. It is predicted that this new technology will protect consumers and reduce the costs of fraud.
There is a lot hanging in the balance for retailers and merchants in terms of protecting the personal and financial information of consumers, preventing theft and fraud, having a working plan of action in the event of a breach and remaining PCI complaint. Making purchases shouldn’t feel like an obvious hazard. Consumers deserve to know that retailers are taking all of the necessary precautions and methods of defense in preventing breaches.
A $2.63B leader in the motion picture exhibition industry with close to 500 theatres and almost 6,000 screens in the U.S. and Latin America worked with CSS to identify the security technology, policies and processes required to develop their own internal Certificate Authority (CA) to protect and secure multi-location communications across thousands of POS and company-owned computers.
The organization also engaged CSS to manage the offsite hosting of the Root CA to protect the private keys used to secure the communications, as well as certificate monitoring and Certificate Revocation List (CRL) publishing. Outsourcing the management of this certificate program to the CSS experts allows the theater company to balance money, time and staff across additional critical IT projects.