Introduction: How big is the threat?
Chapter 1: Security standards
    PCI compliance
Chapter 2: Updating typical systems
    Data transmission and storage
Chapter 3: Frequently asked questions about new systems
    “Are any of these technologies relevant to my business?”
    “If I invest in these new technologies, will I make more money or reduce my overhead?”
    “How do I get started?”
    “What technologies are coming that I need to be aware of?”
Chapter 4: Making it all work
    Governance and audit
Conclusion: Compliance is not enough
Breaches in data security are a significant and growing problem. The Privacy Rights Clearinghouse, a nonprofit organization dedicated to tracking data breaches in the United States, reports that from 2005 to 2011, more than 540 million records were breached in the United States. In 2011, there were nearly 550 breaches involving in excess of 30 million sensitive records.
2013 does not look like it is going to be better. Already at least one major player has been compromised. In March 2012, it was reported that Global Payments (GPN), a company that processes card payments, had experienced a breach that potentially compromised 10 million card numbers and involved all of the major credit card providers. The impact was significant and swift — GPN’s stock dropped 9 percent the day the breach was announced, and Visa announced that it had removed the company from its list of preferred credit card processors, according to the April 3 article “1.5 million card numbers at risk from hack,” posted on CNN.com.
Small merchants may think such a massive breach does not affect them, but that belief is incorrect. According to a July 21, 2011, article in the Wall Street Journal, “Hackers Shift Attacks to Small Firms,” 63 percent of the 761 reported data breaches in 2010 occurred at companies with 100 employees or fewer.
“Retailers think they’re too small to be noticed,” said Brad Cyprus, senior security architect with Houston-based VendorSafe Technologies, a provider of security solutions. “The perception is that hackers have to make a deliberate effort to get into your system, and so they only go after the big chains. But the reality is hackers have software that can scan a multitude of systems and find the most vulnerable ones. The hacker himself doesn’t even necessarily know what kind of store the information is coming from. He just uses his automated systems to retrieve the data from vulnerable locations.”
This guide, sponsored by VendorSafe Technologies, discusses how retailers can protect themselves from breaches, including what the security standards are, whether legacy systems can be made compliant and how to prepare for the future.