Stores Magazine - October 2007 - (Page 34)

EXECUTIVE SUITE / COVER STORY

TAKING A BITE OUT OF PCI COMPLIANCE

It was the fourth quarter of 2005 when Sean Smith got the call. A bank representative told him that by the following August, Steak n’ Shake would surpass the six million-transaction threshold, bumping the Indianapolis-based chain to Level 1 merchant status and requiring the company to become PCI DSS compliant — quick.

The news caught Smith, director of strategic technology services at Steak n’ Shake, a bit off guard. The company had only begun accepting credit cards a few years earlier; reaching Level 1 status so quickly just wasn’t on the radar screen. Still, he and his team promptly sank their teeth into the project.

As a publicly traded company, Steak n’ Shake was already knee-deep in Sarbanes-Oxley projects, and Smith saw an opportunity to leverage what they had learned in the corporate environment and roll it out to the stores. With a fiscal year that begins in October, Smith was able to plan remediation into the company’s fiscal budget; then he began the task of identifying gaps in processes and technology.

Steak n’ Shake implemented the QualysGuard PCI suite for the required quarterly vulnerability assessments. Altiris Total Management Suite was implemented to provide patch management, centralized remote control, asset management and equipment lifecycle management. A McAfee total protection suite was put in place for endpoint security (anti-virus, anti-spyware, host intrusion protection and firewall services), and WebSense was already in place to minimize the chances of phishing and spyware getting into the company’s environment.

“We pulled all of our web servers off the perimeter so the only functionality on the perimeter today is security devices,” Smith says. “By doing that, we assure that we minimize our exposure to Internet-borne threats. All of our business reporting systems require our users to be authenticated through a virtual private network prior to accessing any of their content — basically maintaining a layer of security around the organization.”

There were various obstacles to overcome on the path to compliance, yet Smith insists that the technology piece was easy compared to juggling the changes it prompted among people and processes. “Processes work if people follow them, so your No. 1 gap associated with security today is keeping people educated as to what their roles and responsibilities are. For some, it’s really difficult to understand why they had access to data one day and the next we say it’s off limits. Getting people to understand that the changes are in the best interest of the company takes time and patience.”

… following the rules may keep you from getting fined, but expanding your company’s security beyond PCI is critical. PCI is really just an important first step.”

How often does RBA revisit the security measures put in place as a result of PCI? “Unofficially, every day,” Gaggion says. “Officially, every quarter.” RBA is required to send its bank a scan report that checks system vulnerabilities. If a vulnerability is rated “high,” the retailer must fix the issue and perform a re-scan. The company is required to complete a self-assessment questionnaire at the end of each calendar year.

Data disconnect

One of the concerns retailers have as they look ahead is the disconnect between locking down data and applying more stringent controls related to data management, and a business trend that calls for using customer data to create more value. Merchants and IT professionals will need to walk a fine line between trying to cater to shoppers’ desire for more personalized service – the very thing that differentiates one retailer from the next – and leaving any doors to customer data open that could somehow be abused.

Geoff Thomas, general manager of Microsoft’s U.S. Retail and Hospitality Group, insists it can be done and says that’s a perfect example of why Microsoft is encouraging retailers to view PCI as a business application that will yield business value. “Companies really need to take a long-term view,” Thomas says. “There is business benefit along the way. It’s an opportunity to get systems and infrastructure in place that will set them up to deploy some services and capabilities that they’re not able to do today. It will help with business agility, and it can help them to lower total cost of ownership.”

Microsoft and others – including a cadre of software, hardware, security and service providers – have their work cut out for them. Retailers believe data security standards are important and they want to protect customer data, but it looks as if they may need more time to get there, and more support from the card associations and banks when it comes to determining who will be the keeper of critical card data – and who will bear the risk and liability. December 31, when all Level 1 and Level 2 merchants must be compliant, marks the next deadline.