STORES Magazine - March 2009 - (Page 48) LPINFORMATION / PCI COMPLIANCE Schooled on PCI Compliance Burned by a breach, University of Houston undergoes a full-system scan BY LAURI GIESEN manually, but using the NetMRI audit tool allowed us to lower the cost of managing PCI,” Chambers says. “Now, we don’t have to conduct an audit that involves examining [the entire network] device by device, log by log and configTake the University of Houston. It opwere before it could verify if they met the uration by configuration. We get one reerates 43 different retail-related busistandards for safe payments. port that we can look at to see if there nesses that accept credit and debit cards, Complicating matters was the fact are any areas of security we need to exranging from book stores and food servthat, while most of the businesses use amine more closely.” ice to athletic ticket sales and medical fadial-up POS terminals, about a halfNetMRI will detect issues with an incilities. Because the terface or hardware unit campus businesses are and issue an immediate so diverse, the POS terreport. With such informinals and other hardmation in hand, the uniware used to operate versity was able to pass each business are often its PCI audit in 2007 configured differently and has remained in and have different secucompliance since. rity issues. As a result, PCI compliance inmaking sure that the volves a number of strinschool’s payments netgent IT infrastructure work and connected deand security policy revices are secure and adquirements for all busihering to safe payment nesses that store, handle, standards can be quite access and transfer carddifficult. holder data. Among the The university learned greatest challenges to this lesson the hard compliance is monitorway: Its payment neting and managing spe“We get one report that we can look at to see if work was comprocific network requirethere are any areas of security we need to examine mised three years ago, ments, involving securimore closely.” – Charles Chambers, University of Houston and the ensuing audit ty firewalls, access and provided a real wakechange controls, system up call. dozen businesses operate on a shared updates and configuration changes, test“There were a lot of onerous issues reDSL network line. ing procedures and security policies. Allated to reporting, verifying information After what Chambers described as though PCI is not a legal requirement, and examining configurations that we “several false starts” in trying to put tothe card associations require complihad to take into consideration,” says gether an audit trail on its own, the uniance and can levy fines up to $500,000 Charles Chambers, manager of network versity began utilizing the NetMRI audit to retailers and service providers that fail planning and devices for the University tool from Netcordia. NetMRI is a to comply. of Houston. Essentially, the university stand-alone network solution that autohad to identify each piece of hardware matically provides discovery, identificaAutomatic updates and software that operated on its paytion of topology and assessment of netPCI standards are constantly evolving, ment network, how every component work health and issues related to indusand NetMRI is able to adapt and keep on the network operated and what its try best practices like PCI compliance. up with the latest requirements and individual potential security threats “We had been doing a lot of the work changes, Chambers says. Additionally, M any people in the retail industry think compliance with PCI Data Security Standard pertains only to traditional retailers. But any organization that handles card payments for retail sales must comply with PCI DSS, and their issues can be as complex – even more complex – than retailers’. 48 STORES / MARCH 2009 WWW.STORES.ORG http://WWW.STORES.ORG
Table of Contents Feed for the Digital Edition of STORES Magazine - March 2009 STORES Magazine - March 2009 Contents Executive Editor's Page President's Page Movers and Spenders What Shoppers Think Take Your Laundry Online 10 Things You May Have Missed Numbers Worth Counting Full Price/Markdown Retail People Luxury for Less Q & A CONCEPT2WATCH Checkout Management Online Entrepreneurs Sustainability POS Online Strategy Online Scheduling SaaS Online Marketing Merchandise Security PCI Compliance LPinformation Supplier Directory Exception Reporting Industry Perspective Theft Research LOEB Retail Letter ARTS Update Point of View NRF News Retail Crossword Retail Industry Calendar End Cap STORES Magazine - March 2009 STORES Magazine - March 2009 - STORES Magazine - March 2009 (Page Cover1) STORES Magazine - March 2009 - STORES Magazine - March 2009 (Page Cover2) STORES Magazine - March 2009 - STORES Magazine - March 2009 (Page 3) STORES Magazine - March 2009 - Contents (Page 4) STORES Magazine - March 2009 - Contents (Page 5) STORES Magazine - March 2009 - Contents (Page 6) STORES Magazine - March 2009 - Contents (Page 7) STORES Magazine - March 2009 - Executive Editor's Page (Page 8) STORES Magazine - March 2009 - Executive Editor's Page (Page 9) STORES Magazine - March 2009 - President's Page (Page 10) STORES Magazine - March 2009 - President's Page (Page 11) STORES Magazine - March 2009 - Movers and Spenders (Page 12) STORES Magazine - March 2009 - What Shoppers Think (Page 13) STORES Magazine - March 2009 - What Shoppers Think (Page 14) STORES Magazine - March 2009 - Take Your Laundry Online (Page 15) STORES Magazine - March 2009 - 10 Things You May Have Missed (Page 16) STORES Magazine - March 2009 - Numbers Worth Counting (Page 17) STORES Magazine - March 2009 - Full Price/Markdown (Page 18) STORES Magazine - March 2009 - Full Price/Markdown (Page 19) STORES Magazine - March 2009 - Retail People (Page 20) STORES Magazine - March 2009 - Retail People (Page 21) STORES Magazine - March 2009 - Luxury for Less (Page 22) STORES Magazine - March 2009 - Luxury for Less (Page 23) STORES Magazine - March 2009 - Luxury for Less (Page 24) STORES Magazine - March 2009 - Luxury for Less (Page 25) STORES Magazine - March 2009 - Q & A (Page 26) STORES Magazine - March 2009 - Q & A (Page 27) STORES Magazine - March 2009 - CONCEPT2WATCH (Page 28) STORES Magazine - March 2009 - CONCEPT2WATCH (Page 29) STORES Magazine - March 2009 - Checkout Management (Page 30) STORES Magazine - March 2009 - Checkout Management (Page 31) STORES Magazine - March 2009 - Online Entrepreneurs (Page 32) STORES Magazine - March 2009 - Sustainability (Page 33) STORES Magazine - March 2009 - Sustainability (Page 34) STORES Magazine - March 2009 - POS (Page 35) STORES Magazine - March 2009 - POS (Page 36) STORES Magazine - March 2009 - POS (Page 37) STORES Magazine - March 2009 - Online Strategy (Page 38) STORES Magazine - March 2009 - Online Strategy (Page 39) STORES Magazine - March 2009 - Online Scheduling (Page 40) STORES Magazine - March 2009 - Online Scheduling (Page 41) STORES Magazine - March 2009 - SaaS (Page 42) STORES Magazine - March 2009 - SaaS (Page 43) STORES Magazine - March 2009 - Online Marketing (Page 44) STORES Magazine - March 2009 - Merchandise Security (Page 45) STORES Magazine - March 2009 - Merchandise Security (Page 46) STORES Magazine - March 2009 - Merchandise Security (Page 47) STORES Magazine - March 2009 - PCI Compliance (Page 48) STORES Magazine - March 2009 - PCI Compliance (Page 49) STORES Magazine - March 2009 - PCI Compliance (Page 50) STORES Magazine - March 2009 - LPinformation Supplier Directory (Page 51) STORES Magazine - March 2009 - Exception Reporting (Page 79) STORES Magazine - March 2009 - Industry Perspective (Page 80) STORES Magazine - March 2009 - Industry Perspective (Page 81) STORES Magazine - March 2009 - Theft Research (Page 82) STORES Magazine - March 2009 - Theft Research (Page 83) STORES Magazine - March 2009 - Theft Research (Page 84) STORES Magazine - March 2009 - Theft Research (Page 85) STORES Magazine - March 2009 - Theft Research (Page 86) STORES Magazine - March 2009 - LOEB Retail Letter (Page 87) STORES Magazine - March 2009 - ARTS Update (Page 88) STORES Magazine - March 2009 - Point of View (Page 89) STORES Magazine - March 2009 - NRF News (Page 90) STORES Magazine - March 2009 - Retail Crossword (Page 91) STORES Magazine - March 2009 - Retail Crossword (Page 92) STORES Magazine - March 2009 - Retail Industry Calendar (Page 93) STORES Magazine - March 2009 - End Cap (Page 94) STORES Magazine - March 2009 - End Cap (Page Cover3) STORES Magazine - March 2009 - End Cap (Page Cover4)
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.