Point-of-Sale Security

Information Security in Retail
Complying with Standards While Increasing Revenue, Profits, and Efficiency
February 2008
Turning Necessities into Advantages
- Networked technologies are enabling critical business initiatives
- Lowered costs through reduced labor and tighter vendor integration
- with Enhanced Rich Internet Applications = enhanced customer service
- Increased revenue with e-commerce
- As retailers rely more on their networks, network vulnerabilities become more critical
- Regulations and industry standards are forcing some best practices in information security
- A comprehensive, strategic view of network security helps retailers realize the full benefits of their networks
Technology Adoption Path
[Figure: Technology Adoption Path diagram. Labels: STOREFRONT, BACK OFFICE, Leased Line Network, Internet-based Network. Business Drivers: Increase Inventory Performance, Lower Costs.]
Retailers Are Seizing The Opportunities
% of survey respondents addressing needs*
- Cross-channel integration: 19%
- PCI compliance: 25%
- Store-level investment to improve reporting: 33%
- IT system security: 33%
- Real-time visibility throughout the organization: 35%
- Application Integration: 36%
- Store-level investment to improve customer experience: 52%
*Retail Information Systems 5/07
More Company Value Depends On Networks
Leveraging networks to increase customer satisfaction
- Supply chain visibility at POS (product availability, ETA for deliveries, real-time order placement, etc.)
- Maintenance of customer data (loyalty programs, mailing lists, purchase history and warranty information, service records, etc.)
- Remote/mobile connectivity for direct sales at customer premises
- Remote/mobile connectivity with outbound installation, support and service calls
- More electronic self-service (online, kiosks, store-provided handheld or shopping cart device, loyalty program status checking)
More Company Value Depends On Networks
Leveraging networks to cut operating costs
- Vendor integration with corporate systems
- Third-party (installers, service and support providers) access to data
- Online tunnels to data in support of e-commerce initiatives
- Fractional staff (call centers, telecommuters) access to systems and records
More Company Value Depends On Networks
Enabling cross-channel selling to increase revenue
- Contact centers (phone)
- Catalog/direct mail sales
- Online
- Affiliate sales
Outsourcing cross-channel operations to cut operating costs
- Call centers for phone sales
- Catalog sales processing and fulfillment
- E-commerce website development, maintenance, and fulfillment
Now you need to secure that value…
Networks Bring Security Issues
[Figure: the Technology Adoption Path diagram repeated. Labels: STOREFRONT, BACK OFFICE, Leased Line Network, Internet-based Network. Business Drivers: Increase Inventory Performance, Lower Costs.]
The Internet Increases Security Issues
[Figure: the Technology Adoption Path diagram repeated. Labels: STOREFRONT, BACK OFFICE, Leased Line Network, Internet-based Network, Increase Inventory Performance, Lower Costs.]
Network Threats are Business Threats
When you open up your systems to opportunities, you open them up to threats:
- Supply chain visibility at POS (open systems to vendors)
  - System viruses or attacks can slow or stop transactions
- Maintenance of customer data (open systems to employees)
  - Potential financial and legal jeopardy from lost or stolen data – or inappropriate content in the workplace
- Remote connectivity (open systems to contractors/telecommuters)
  - Exposes customer records to theft
- Electronic self-service (online, kiosks) (open systems to customers)
  - Creates vulnerabilities for hacking and phishing/pharming scams
PCI-DSS
Payment Card Industry Data Security Standards
- PCI Standards Council
  - JCB and Visa International
  - American Express
  - Discover Financial Services
  - MasterCard Worldwide
- The protection of cardholder data anywhere it resides within, or is transmitted by, a merchant’s system.
- Enforced by credit card companies, not governments - yet
- Non-compliance can result in fines, restrictions of credit card services and loss of consumer confidence
PCI?.. Yes!
- Credit card companies don’t want to foot the bill for retailers’ data security breaches
- They’ve pushed the liability down to the retailers
- Compliance with PCI standards is voluntary, but even one mistake can be one too many!
- The good news: PCI standards are just sound network practices
Real Security Is More Than PCI
- Compromised systems run slower or fail completely
  - What will 1 minute lost per customer cost in employee expenses and customer loyalty?
- Liability judgments come right off the bottom line
  - Data breaches cost $350 per lost customer record*; what would such a loss cost you?
- Each additional connection to your network increases your exposure exponentially
  - Do you know how many users your vendors allow to access the system?
  - What % of your outsourced services are fulfilled by contract/fractional staff?
- Catastrophic data loss can be fatal
  - 93% of companies that experience “significant data loss” are out of business in 5 years**
* Gartner, 2006
** U.S. Bureau of Labor
Security Considerations in Retail Solutions
- Global management: Can you see and control access to your network and databases down to the user level?
- Network traffic “lanes”: Can you segment and control different kinds of network traffic based on security levels (e.g. transactions from an outsourced call center vs. O&O storefronts)?
- Activity controls: Can you permit or deny different types of network activity (e.g. accessing financial information)?
- Content filtering: Can you accept or reject different file types and Internet content (e.g. music files and video downloads)?
- Stored data protection: Can you secure and preserve customer and proprietary data across your organization so that it doesn’t get lost or corrupted?
Security Considerations in Retail Solutions
- Wireless network access: Can you secure your premises equipment from being used/accessed from the street?
- Inappropriate content in the workplace: Can you prevent gambling or online shopping sites from being accessed in the workplace?
- Digital Signage: Can you secure your premises equipment from being disrupted/misused?
- VoIP: Can you protect telephone-based business on this Internet-based platform?
Basic Secure Network: Single Location
[Figure: network diagram. Labeled components: Storefront POS, Store Admin, CDP, Wireless Inventory Mgt., Warehouse / DC, Firewall, Network Mgt., Bank.]
Basic Secure Network: De-Centralized Multi-Storefront
[Figure: network diagram. Labeled components: Storefronts, POS, Store Admin, CDP, Warehouse / DC, Wireless Inventory Mgt., VOIP Call Center, E-commerce Site, Secure Wireless, HQ, Network Mgt., Kiosk, Outside Sales / Service, SSL-VPN, Vendor, Bank, Firewall.]
Basic Secure Network: Centralized Multi-Storefront
[Figure: network diagram. Labeled components: Storefronts, POS, Store Admin, CDP, Warehouse / DC, Wireless Inventory Mgt., VOIP Call Center, E-commerce Site, Secure Wireless, HQ, Network Mgt., Kiosk, Outside Sales / Service, Vendor, Bank, Firewall.]
SonicWALL Reference Customers
- Jenny Craig
- Big Dog Holdings
- Kemeny's Food and Wine
- Big Save Furniture
- Panda Express
- The Body Shop
- Patagonia
- Bubba Gump Shrimp Restaurants
- Rent-a-Center
- Van Cleef & Arpels
- Health Business Systems (Pharmacy)
- The Walking Company
- The Wet Seal
- Holiday Inn
- IHOP
- Ace Hardware
Summary
- Your key business initiatives probably have an information technology component
- Network and information security is essential to protecting your business
  - Customer relations
  - Profitable operations
- SonicWALL has proven solutions for every aspect of information security in retail environments