NEW YORK, Nov. 28, 2012 /PRNewswire/ -- Now that retailers have stocked their shelves, decked out their aisles and halls and put in place discounts for in-store and mobile shoppers, it's critically important for them to secure point-of-sale, online and mobile systems. As retailers -- from large chains to mom and pop operations -- gear up for the holiday shopping season, Verizon is offering security tips that should be at the top of every retailer's holiday checklist.
"We know from Verizon's 'Data Breach Investigations Report' that retailers -- which benefit from the lion's share of consumer spending over the holidays -- are among the most vulnerable to cybercrime and theft," said Scott Eason, vice president of retail and financial services for Verizon Enterprise Solutions. "Taking stock of vulnerabilities and putting some simple practices in place will help retailers protect their customers and assets."
Here is a list worth checking twice to bolster security for retailers' operations and customers:
- Maintain current compliance with Payment Card Industry Data Security Standards (PCI-DSS). Compliance with PCI-DSS requires continuous adherence. This means a daily log review, weekly file-integrity monitoring, quarterly vulnerability scanning and annual penetration testing. To maintain continued compliance, Verizon recommends designating an internal PCI "champion" so that compliance becomes part of daily business activities during the holidays -- and every day.
- Self-validate very carefully – or entrust it to a credible expert. Top-tier merchants – which process the highest volumes of cardholder transactions – are allowed to assess themselves against the PCI standards. But due to the numerous issues and conflicts of interest this can cause, Verizon recommends that an objective and credible third party validate the scope of the assessment or perform the testing.
- Only use third-party security vendors who are credible experts. Verizon's "Data Breach Investigations Report" analysis revealed that small businesses and franchises of large chains are most vulnerable to cybercrime. If a third-party vendor manages a retailer's POS systems, the retailer should ask the vendor to confirm that PCI compliance measures are in place.
- Educate employees so that they can recognize security breaches and help keep security measures active. In addition to designating an internal PCI champion to ensure that the PCI security standards are being adhered to, employee education is critical for recognizing telltale signs of a breach and for understanding that prevention measures are working.
- In the era of omni-channel retailing, ensure that online and mobility channels are secure. Protect public-facing Web assets, which are great for attracting customers, but also magnets for cyberthieves. Protect in-store mobile assets through mobile-device management that can authorize approved employee access to corporate information, encrypt data, protect against viruses, and remotely lock and wipe devices of critical corporate information.
- Frequently change administrative passwords on all point-of-sale systems. Hackers constantly scan the Internet for guessable passwords, so avoid using POS systems to browse the Internet.
- Implement a firewall or access control list on remote access and administration services. If hackers can't reach a retailer's system, they can't easily steal from it.
"There will be many opportunities throughout the holiday season for mischievous hackers, thieves and other bad actors to breach retailers' systems," added Eason. "For retailers, taking steps to ensure they're protected will be essential to keeping cash registers ringing, Web transactions shipping and digital wallets pinging with confidence."