Cisco Blogs


Cisco Blog > Retail

Question: Are you PCI Compliant? Are you Secure? Part 2 of 2

Last week, we sat down with Bart McGlothin and Christian Janoff from Cisco’s security team to discuss PCI Security for Retail to better understand “What is PCI Compliance?” and “How does that affect Retailers?”

As a quick re-cap: PCI Compliance is a 12-step process to secure credit cards. Any retailer that accepts credit card payments must be “PCI Compliant” (i.e., follow those 12 steps). Compliance is enforced by the Retailer’s acquiring bank (the financial institution that processes the credit card payments for the Retailer).

Q. So, we know that Retailers need to be PCI Compliant. How can Cisco help?

A. Cisco has a PCI design and implementation guide for merchants to use.  It really stands alone in the industry because it provides holistic guidance in three key ways:

Read More »

Tags: , , , , ,

Question: Are you PCI Compliant? Are you Secure? Part 1 of 2

A common perception is that there is a difference between being secure and being compliant. A Verizon analysis on cybercrime reported that cyber-attacks on Retailers are increasing and becoming streamlined and automated.  According to the 2012 Verizon PCI compliance report, “97% of breaches were avoidable through simple or intermediate controls”. How does a Retailer protect itself? One method is through PCI Compliance. Does that sound contradictory to that common perception?

Join Cisco on April 16th, 2013 10:00am PT for a webcast on PCI compliance and security with guests from Ponemon Institute, Verizon Business and PCI Security Standards Council.

As part of the planning of the webcast, we sat down with Bart McGlothin and Christian Janoff from Cisco’s security team to discuss PCI compliance and security for retail and get some answers. Here’s what we learned:

Read More »

Tags: , , , ,

Join the PCI Experts to Help You Bridge the Gap Between Compliance and Security

As part of Cisco’s Compliance team, I’ve monitored organizational breaches and attacks. If you’re like me and follow media reports and industry news, then you know that data breaches have increased in severity and frequency. Unfortunately, many organizations do not have the tools, personnel, and funding to prevent, quickly detect, and contain data breaches. The Payment Card Industry (PCI) Security Standards Council offers robust and comprehensive standards to enhance payment card data security. According to Ponemon Institute, organizations that are PCI compliant have fewer data breaches than non-compliant firms do. However, we know that PCI compliance is not enough. Even if you’ve met the stringent requirements of PCI DSS 2.0, your cardholder data may not be totally secure.

So, how can organizations maintain compliance and end-to-end security? The Compliance Solution team has gathered thought leaders in the payment card industry to offer research, guidance and best practices to help organizations overcome these challenges.

Join our webcast on April 16, 2013, with PCI experts from the Ponemon Institute, Verizon Business, and the PCI Security Standards Council to learn how Cisco can help bridge the gap between PCI compliance and security to minimize the impact of an attack. Read More »

Tags: , , , ,

Art of Compliance – Converging PCI Security Science and Art

When most people think about Payment Card Industry security, they think of architecture designs and security standards documents to help merchants protect cardholder data.

As the Cisco retail team worked on our Cisco solution for PCI DSS 2.0, we decided to combine the Science of Compliance (Cisco solution and the Validated Design Guide) with the Art of Compliance, a series of artistic work interpreting security in a new light.

Working with Adam Hagen, Cisco Global Integrated Marketing Communications Manager, Cisco worked with a series of artists in multiple disciplines including paint, digital, sculpture and video, and asked them to interpret security through their eyes. 

The result is a series of artwork, some of which are incorporated into the Cisco PCI DSS 2.0 Design Guide, plus an online gallery  is located on http://www.cisco.com/go/pci2art and on Cisco Retail Flickr

The artwork will be on display at the Payment Card Industry Council North America Community meeting September 20-22 in Scottsdale Arizona as part of Cisco and our partners HyTrust, VCE and RSA sponsorship of the event.

To learn more about some of the artists and their interpretation, we filmed some of the artists with their creations while it was installed in the Cisco San Jose campus for a limited run.

Read More »

Tags: , , , , , , ,

Cisco views on the new Payment Card Industry DSS Tokenization Security Guidelines

The Payment Card Industry Security Council recently released the PCI DSS tokenization guidelines clarifying how tokenization affects PCI compliance and securing cardholde data.  I sat down the Christian Janoff, Cisco retail industry architect whose team  has just finished work on the Cisco Design Guide for PCI DSS 2.0 to talk about his views about this guideline.

Christian’s view of the new tokenization guideline supplement are:

Read More »

Tags: , , , , , ,