Today’s advanced security threats mean that a retailer needs to be more than just PCI DSS compliant in order to protect customer information beyond credit cardholder data.
System integrators in the retail industry are being asked to be certified by the PCI Council as a key component to the technology and service supply chain to resolve the inconsistent attention to security and vulnerable configuration issues that could lead to security compromise.
Retailers need to be concerned with how they evolve customer engagement and ensure their security strategy and plans address the growing threat landscape. Securing POS systems from basic system functions to newer applications that utilize customer information is essential to protecting the retailer’s brand and reputation.
The McAfee report reveals that POS systems are updated too infrequently, creating vast windows of opportunities for criminals to find and exploit vulnerabilities. Once a new vulnerability is located, businesses using the same types of systems can be easily identified and targeted for attack. The vulnerabilities with POS systems that are not regularly updated increase the likelihood that consumers’ cardholder and personal data is at risk.
“Retailers have worked hard not to store cardholder data, however, they still maintain a great deal of specific proprietary customer data on their networks that are a potential treasure trove for criminals and identity thieves,” said Greg Buzek, founder and president of IHL Consulting Group. “When a security breach occurs, retailers are at risk of losing their customers’ trust and business.”
The complete report is available here.