In the past few weeks, I’ve received two replacement credit cards. And, no, this does not indicate I’ve done too much shopping! It means that hackers are continuing to target retailers and the bank decided I needed to be protected by new credit card numbers.
I’m Carol Ferrara-Zarb, and as the leader of Cisco’s Security Solutions team, I’m joining the Cisco Retail blog today to talk to you about security and compliance in the store. While consumers certainly worry about security, the concerns of retailers are magnified because you are among the highest-profile targets right now for professional hacker attacks. Store owners and operators are just about lying awake at night wondering who is going to be next.
At the same time, change is continuing on the security front, particularly in the area of PCI compliance. At the end of this calendar year, the new 3.0 version of the PCI DSS mandate will come into force. Are you ready for the new requirements?
If you’re a Cisco customer, you very well may be. Join us on July 23 for a free, one-hour webcast called, “Straight Talk about Reducing Complexity and Maintaining Compliance in Retail.” Cisco Security Architect Christian Janoff, who sits on the PCI Security Standards Council Board of Advisors, and Aaron Reynolds, PCI Managing Principal for Cisco partner Verizon, will lead a candid discussion on retail security. The session covers:
- The changes in the PCI DSS 3.0 mandate and their impact on your retail business
- How to satisfy three standards—PCI, SOX, and HIPAA—by configuring one control
- Implementing the latest, simplified strategies for PCI scope reduction, and how they can be superior to traditional methods for many retailers
You’ll come away with an overview of today’s threat landscape, and we’ll put it all into perspective to support your continued pursuit of compliance and retail success. Registrants will also receive the Simplifying Compliance Answer Kit, a set of documents and tools to help you understand compliance better.
The webcast takes place on July 23 at 10:00 am PT/1:00 pm ET. Please register today! Be sure to bring your questions to take part in the discussion.
Last weekend was a typical one, nothing out of the ordinary: errands, science fairs, softball practice with the kids. However, I found myself hesitating a number of times, thinking twice, before I handed my credit card to the cashier at the mall to purchase a pair of shoes and again as I typed in my credit card number and security code online to purchase some items for a school fundraiser. In the past, I hadn’t given this much thought, but with yet another data breach in the news, it seems that the breaches are continuing to occur – and as consumers, we will continue getting those ‘Dear John’ letters informing us we were one of the unlucky ones…
With news of another data breach of up to 1.5 million credit and debit cards compromised last month as well as high-profile data attacks against the International Monetary Fund, National Public Radio, Google and Sony’s PlayStation Network, data security should be top of mind to all of us. So, how are these breaches continuing despite all of the efforts to secure customer data? In a series of blog entries to follow, we’ll outline the anatomy of a data breach, steps you can take to reduce your risk, and how Cisco can help keep your organization from being the topic of the next breach headline.
Anatomy of a Data Breach:
It used to be that hackers were in the business of hacking for fame or infamy… mostly individuals or groups of friends were doing small-time breaches, leaving digital graffiti on well-known websites. Although these breaches demonstrated security gaps among those affected, there was little financial impact compared to today. It should come as no surprise that, in a world of big data, it is harder than ever for organizations to protect their confidential information. Complex, heterogeneous IT environments make data protection and threat response very difficult.
For retailers and merchants, January 1st, 2012 is the deadline after which all audits for PCI compliance need to be at the Data Security Standards 2.0. At Cisco we have invested in educational content as well as architecture designs for PCI 2.0 to help retailers address compliance and secure credit card data.
Need to learn about the basics of PCI 2.0? Check out the following Fundamentals of PCI YouTube Video
For a deeper education about PCI, including navigating the ins and outs of compliance, digging into design and implementation, and tips for a successful audit, check out the following Cisco Techwise TV episode titled “Everything You Wanted to Know About PCI But Were Afraid to Ask”
Many have argued that the PCI DSS (Payment Card Industry Data Security Standard) is too complex to be realistic in a real-world environment. Cisco takes the opposite stance, maintaining that the principles and security standards contained within the documentation should actually be considered a minimum. The true challenge lies not in the implementation but in the ongoing management, the maintenance if you will.
This show promises to lay out a simplified view of the standard with real-world, practical advice where anyone can find exactly how they would apply it to their unique situation. We have pulled out all the stops with our story-telling and top-notch guests, as we have members of the standards board, networking experts and certified QSA auditors joining us.
PCI. It’s not just for Breakfast
It’s amazing how many networks fall into the “compliance required” category. For PCI it only takes one credit card transaction to be at risk…but rather than focus on the negativity of the required audit – this topic and the maturity of the standard is actually good for ANYONE interested in protecting their data. You may have the typically binary response as to whether this show applies to you…but I think you need to give it a go. You may be surprised….the show and the Shownotes are after the jump.
Recently there has been a series of news items as enterprises announce they have been breached and their sensitive customer and financial records compromised. According to the Verizon 2011 Breach report, 92% of the attacks were external and 76% of all data breached came from servers. The PCI Security Standards Council is an open global forum formed in 2006 that is responsible for the PCI Data Security Standard (PCI DSS), a standard that is designed to protect cardholder data.
I sat down with Lindsay Parker, Cisco global retail industry director, about Cisco’s current investments and efforts to help retailers and merchants secure customer credit card data and maintain compliance with PCI DSS.