STORES Magazine - April 2009 - (Page 68)

CONSIDER THIS / ARTS UPDATE

Best Practices for Protecting Customer Data

BY RICHARD MADER

The percentage of PCI-compliant retailers continues to rise, yet compromised credit accounts continue to make news. Two of the largest breaches, at Hannaford and Heartland, were committed against PCI-certified companies, so PCI compliance is clearly no silver bullet: it does not provide absolute protection of sensitive customer data in the new world of wireless and public networks.

The NRF CIO Council, working with ARTS and David Taylor of the PCI Knowledge Base, has posted 25 best practices that can help retailers secure customer data and become PCI certified. These best practices were based on hundreds of hours of anonymous interviews and sharing of success stories from implementers. Several key best practices that retailers can implement to reduce their risk of a security breach are highlighted below.

Conduct an enterprise application compliance review. The principal requirement for controlling access and securing data is knowing exactly what data is stored where. Therefore, the first best practice is to conduct an enterprise application audit that identifies and locates data designated as confidential. The audit must document which applications use confidential data. This is a big job, since most retailers have huge application portfolios and confidential data is most frequently stored in older applications.

The results of such an audit become your foundation for protecting customer data and for determining which other PCI best practices are right for your company. The audit will also help you prepare for the Payment Application Data Security Standard (PA-DSS), which requires any application that uses confidential data to be certified conformant by July 1, 2010.

Pilot data tokenization solutions. Tokenization solutions replace credit card numbers with meaningless numbers that have no black market value. It sounds easy, but it is a real data management problem. Token numbers are assigned, and the relationship of the real card number to the token must be stored in the most confidential manner and location, since that mapping is what an attacker would need to turn tokens back into card numbers. Confidential data must then be purged from all existing locations, using a semi-automated process to find and replace the confidential data in the applications that used these numbers.

Tokenization significantly reduces the attack surface of the retailer, as well as the cost and effort needed to demonstrate PCI compliance. When combined with network segmentation, confidential data can be isolated and access to it controlled much more effectively. Companies like MerchantLink, EPX, Paymetric or Shift4 offer tokenization solutions.

Implement end-to-end encryption. Encrypting card data only at the point of transmission from retailer to payment processor (as required by PCI-DSS) has proven inadequate, because the card data travels unencrypted through the retailer's own applications from card swipe to point of transmission, and hackers have stolen it there. End-to-end encryption begins when the card is swiped, and the data remains encrypted through the entire payment process. The benefit depends on the retailer never holding the decryption key: only the secure reader and the payment processor should be able to see the card number.

Secure card readers make this solution possible, and ARTS UnifiedPOS version 1.12 includes support for secure card readers and end-to-end encryption. This method of encryption offers additional protection to the retailer and goes beyond PCI requirements. MagTek, SEMTEK and VeriFone are among the vendors offering true end-to-end encryption and secure readers.

Over the next few months, NRF and ARTS will continue to provide actionable information that will enable retailers to go beyond PCI compliance in securing customer data. We will expand our PCI best practices with a focus on updates to the audit points and on new regulations such as PA-DSS and PIN Entry Device (PCI-PED) security requirements.

ARTS and MagTek will present a webcast on achieving maximum protection for customer data on April 29. Register to attend at www.nrf-arts.org and learn how to protect your data and your business.

Richard Mader is executive director of ARTS.
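The audit and tokenization practices described in this article come down to two mechanics: finding card numbers wherever legacy applications keep them, and replacing each one with a token while the real number moves to a tightly controlled vault. The Go program below is an added illustration of those two steps written for this page; it is not code from ARTS, the NRF or any of the vendors named. The sample records, the in-memory vault, and the token format (same length, real last four digits, random digits elsewhere, never Luhn-valid) are all assumptions of the example.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
	"regexp"
)

// Constructed rows standing in for data found in legacy retail applications.
// 4111111111111111 and 5555555555554444 are standard test card numbers;
// 1234567890123456 fails the Luhn check and must be left alone. The last
// row repeats a PAN to show that the same card always gets the same token.
var sampleRecords = []string{
	"order=10042 pan=4111111111111111 amount=59.90",
	"2009-03-14 POS3 auth ok pan=5555555555554444 approval=A1B2C3",
	"customer note: loyalty id 1234567890123456, prefers email",
	"order=10043 pan=4111111111111111 amount=12.00",
}

var candidate = regexp.MustCompile(`\b[0-9]{13,19}\b`) // card number length range

// luhnValid is the check digit test all major card brands use; it separates
// card numbers from order numbers and loyalty ids of the same length.
func luhnValid(digits string) bool {
	sum := 0
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if (len(digits)-1-i)%2 == 1 { // every second digit from the right
			d = d*2%10 + d*2/10 // doubled, then digits summed
		}
		sum += d
	}
	return sum%10 == 0
}

// Vault holds the PAN-to-token relationship, the one component that must live
// in the most tightly controlled location. An in-memory map stands in for an
// encrypted, network-segmented store so the example runs stand-alone.
type Vault struct {
	panToToken map[string]string
	tokenToPAN map[string]string
}

func NewVault() *Vault {
	return &Vault{panToToken: map[string]string{}, tokenToPAN: map[string]string{}}
}

// Tokenize returns the existing token for a PAN or mints one: same length,
// real last four digits (for receipts and customer service), random digits
// elsewhere. Tokens that would pass the Luhn check are discarded, so a token
// is never mistaken for a card number, by an attacker or by Scrub.
func (v *Vault) Tokenize(pan string) string {
	if t, ok := v.panToToken[pan]; ok {
		return t
	}
	width := len(pan) - 4
	limit := new(big.Int).Exp(big.NewInt(10), big.NewInt(int64(width)), nil)
	for {
		n, err := rand.Int(rand.Reader, limit)
		if err != nil {
			panic(err) // crypto/rand failing is not recoverable here
		}
		token := fmt.Sprintf("%0*d%s", width, n.Int64(), pan[width:])
		if _, taken := v.tokenToPAN[token]; taken || luhnValid(token) {
			continue
		}
		v.panToToken[pan], v.tokenToPAN[token] = token, pan
		return token
	}
}

// Detokenize is the only way back to the real PAN; it belongs to the payment
// process alone, never to the applications that now hold tokens.
func (v *Vault) Detokenize(token string) (string, bool) {
	pan, ok := v.tokenToPAN[token]
	return pan, ok
}

// Scrub is the find-and-replace pass over a legacy data set: every Luhn-valid
// digit run becomes its token. It returns the cleaned records and the number
// of PAN occurrences replaced. Because tokens never pass Luhn, running Scrub
// over its own output replaces nothing, so the pass is safe to repeat as the
// audit turns up more data stores.
func (v *Vault) Scrub(records []string) ([]string, int) {
	out, replaced := make([]string, len(records)), 0
	for i, r := range records {
		out[i] = candidate.ReplaceAllStringFunc(r, func(m string) string {
			if !luhnValid(m) {
				return m // same length, but not a card number: leave it
			}
			replaced++
			return v.Tokenize(m)
		})
	}
	return out, replaced
}

func main() {
	clean, n := NewVault().Scrub(sampleRecords)
	fmt.Println("replaced", n, "card number occurrences:", clean)
}
```

The Luhn filter is what keeps the "semi-automated" pass from mangling order numbers and loyalty ids that happen to be 13 to 19 digits long, and making tokens fail Luhn is what lets the same pass be re-run over already-scrubbed data without harm. In a real deployment the Vault sits behind the tokenization provider or in the isolated segment the article describes, and only the payment flow is allowed to call Detokenize.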
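To make concrete what "encrypted from the swipe onward" buys over encryption at the point of transmission, here is an added Go example written for this page; it is not code from the article, from ARTS UnifiedPOS, or from MagTek, SEMTEK or VeriFone. It assumes one AES-256-GCM key per reader, injected at provisioning and known only to the reader and the processor (fielded secure readers use per-transaction key derivation schemes, which this example does not model); the reader ids, the test PAN and the Provision/Swipe/Decrypt names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Capture is everything a reader hands to the POS, and so everything the
// retailer's applications, logs and networks ever see. The PAN exists only
// inside Ciphertext; LastFour is kept in the clear for the receipt.
type Capture struct {
	ReaderID   string
	Nonce      []byte
	Ciphertext []byte // AES-GCM: encrypted PAN followed by the authentication tag
	LastFour   string
}

// SecureReader models the tamper-resistant part of a card reader holding a
// key that no retailer system possesses. One AES-256 key per reader is an
// assumption of this example; fielded readers derive per-transaction keys.
type SecureReader struct {
	ID  string
	key []byte
}

// Processor models the payment processor's decryption service, the far end of
// the tunnel and the only party able to recover a PAN.
type Processor struct{ keys map[string][]byte }

func NewProcessor() *Processor { return &Processor{keys: map[string][]byte{}} }

// Provision generates a reader key and installs it in both the reader and the
// processor, standing in for key injection at the factory or key-loading site.
func (p *Processor) Provision(id string) (*SecureReader, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	p.keys[id] = key
	return &SecureReader{ID: id, key: key}, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Swipe encrypts the PAN inside the reader, before any retailer software runs.
// The reader ID is bound as additional authenticated data, so a capture cannot
// be replayed under another reader's identity.
func (r *SecureReader) Swipe(pan string) (Capture, error) {
	aead, err := newGCM(r.key)
	if err != nil {
		return Capture{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Capture{}, err
	}
	return Capture{
		ReaderID:   r.ID,
		Nonce:      nonce,
		Ciphertext: aead.Seal(nil, nonce, []byte(pan), []byte(r.ID)),
		LastFour:   pan[len(pan)-4:],
	}, nil
}

// Decrypt recovers the PAN at the processor. Any change to the ciphertext,
// nonce or reader ID in transit fails authentication and is rejected.
func (p *Processor) Decrypt(c Capture) (string, error) {
	key, ok := p.keys[c.ReaderID]
	if !ok {
		return "", errors.New("capture from unknown reader")
	}
	aead, err := newGCM(key)
	if err != nil {
		return "", err
	}
	pan, err := aead.Open(nil, c.Nonce, c.Ciphertext, []byte(c.ReaderID))
	if err != nil {
		return "", fmt.Errorf("capture rejected: %w", err)
	}
	return string(pan), nil
}

func main() {
	p := NewProcessor()
	reader, _ := p.Provision("lane-07")
	c, _ := reader.Swipe("4111111111111111") // standard test PAN, constructed input
	fmt.Printf("POS sees reader=%s last4=%s ciphertext=%x\n", c.ReaderID, c.LastFour, c.Ciphertext)
	fmt.Println(p.Decrypt(c))
}
```

The point of the split is where the key lives: the POS, the store network and the retailer's back-office applications handle only Capture values, so a breach of any of them yields ciphertext and last-four digits rather than card numbers, which is the exposure the article says point-of-transmission encryption failed to remove. Binding the reader ID as authenticated data and using an authenticated mode also means a captured record cannot be altered or re-attributed to a different lane without the processor noticing.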