Security, PCI Compliance Remain Challenges for Retailers: McAfee

By Nathan Eddy  |  Print this article Print

Data breaches and advanced threats are becoming a greater challenge for retailers as they grapple with new forms of payment and security standards.

Without adequate controls to manage store systems and the increase in number and variety of devices, retailers can expect security costs to continue to increase rapidly, according to a McAfee-sponsored report with IHL Group, a global research and advisory firm specializing in technologies for the retail and hospitality industries.

The report, conducted to assess retailer security and the approaches used to safeguard retailer transactional systems, indicated that while IT is constantly evolving, security must evolve, and often times much more rapidly than the devices they are tasked with protecting. The ability to tightly manage the enterprise is a big driver in managing security and controlling costs.

Earlier this year, McAfee and IHL Group conducted an anonymous survey of senior retail and hospitality executives to discuss their strategies to meet PCI compliance and security for their retail systems. The study found security confidence can be closely tied to the device variability within the store, increasing the number of devices is a key driver around introducing significant complication around the ability to secure the store environment.

According to the report, whitelisting is growing in awareness with 31 percent of the respondents including this in their security strategy for point of sale (POS) systems. In the category of retailers that have more than $1 billion in revenue, there is an equal split amongst retailers using a whitelisting approach as compared to antivirus.

"The retail storefront has gone through many changes over the last decade, but one thing that hasn’t changed is that customers are looking for a seamless and positive shopping experience," Greg Buzek, president at IHL Group, said in a statement. "Customers want to be able to buy, fulfill and return anywhere. When done right, the introduction of mobile devices within the store can help enhance the customer experience but comes with expanded risks."

The report noted that as a result of these changes in retail there is increased sharing of information among more and more types of devices, as well as the need to be able to share information wirelessly within the store. Data breaches and more advanced threats are becoming a greater challenge in this area.

"The retail storefront has undergone significant changes to deliver convenience and speed to the customer," Tom Moore, vice president of worldwide embedded sales at McAfee, said in a statement. "Data breaches are not new to this industry, but the expanded footprint of systems like kiosks and digital signs to the mix is adding complexity to the environment."

The study revealed that retailers have a good understanding about payment card industry (PCI) compliance, but they struggle when the amount and variety of store systems increase to provide the proper security and compliance management. According to the survey, on average just 22 percent said they trust the manufacturer to provide security.

"This research validates that the security concern is real and that retailers need to provide a secure experience for their customers," Moore continued. "This is an opportunity for point-of-sale manufacturers to not only relieve the burden from retailers and solve the security challenge, but also enables manufacturers to provide a high valued product with built-in security as a differentiator."

Originally published on www.eweek.com.