Information Security in Retail
Complying with Standards While Increasing Revenue, Profits, and Efficiency
February 2008

Turning Necessities into Advantages
- Networked technologies are enabling critical business initiatives
  - Lowered costs through reduced labor and tighter vendor integration with Enhanced Rich Internet Applications = enhanced customer service
  - Increased revenue with e-commerce
- As retailers rely more on their networks, network vulnerabilities become more critical
- Regulations and industry standards are forcing some best practices in information security
- A comprehensive, strategic view of network security helps retailers realize the full benefits of their networks

Technology Adoption Path
[Diagram: retail technologies placed between BACK OFFICE and STOREFRONT as the network moves from dial-up and leased line to broadband at the storefront and an Internet-based network. Labels include EDI, UPC, ERP, RFID, e-commerce, kiosks and wireless POS. Business drivers: Increase Inventory Performance, Lower Costs.]

Retailers Are Seizing The Opportunities
% of survey respondents addressing needs*
- Store-level investment to improve customer experience: 52%
- Application Integration: 36%
- Real-time visibility throughout the organization: 35%
- IT system security: 33%
- Store-level investment to improve reporting: 33%
- PCI compliance: 25%
- Cross-channel integration: 19%
* Retail Information Systems 5/07

More Company Value Depends On Networks

Leveraging networks to increase customer satisfaction
- Supply chain visibility at POS (product availability, ETA for deliveries, real-time order placement, etc.)
- Maintenance of customer data (loyalty programs, mailing lists, purchase history and warranty information, service records, etc.)
- Remote/mobile connectivity for direct sales at customer premises
- Remote/mobile connectivity with outbound installation, support and service calls
- More electronic self-service (online, kiosks, store-provided handheld or shopping cart device, loyalty program status checking)

Leveraging networks to cut operating costs
- Vendor integration with corporate systems
- Third-party (installers, service and support providers) access to data
- Online tunnels to data in support of ecommerce initiatives
- Fractional staff (call-centers, telecommuter) access to systems and records

Enabling cross-channel selling to increase revenue
- Contact centers (phone)
- Catalog/direct mail sales
- Online
- Affiliate sales

Outsourcing cross-channel operations to cut operating costs
- Call-centers for phone sales
- Catalog sales processing and fulfillment
- E-commerce website development, maintenance, and fulfillment

Now you need to secure that value…

Networks Bring Security Issues
[Diagram: the Technology Adoption Path figure, repeated.]

The Internet Increases Security Issues
[Diagram: the Technology Adoption Path figure, repeated.]

Network Threats are Business Threats
When you open up your systems to opportunities, you open them up to threats:
- Supply chain visibility at POS (open systems to vendors)
  - System viruses or attacks can slow or stop transactions
- Maintenance of customer data (open systems to employees)
  - Potential financial and legal jeopardy from lost or stolen data – or inappropriate content in the workplace
- Remote connectivity (open systems to contractors/telecommuters)
  - Exposes customer records to theft
- Electronic self-service (online, kiosks) (open systems to customers)
  - Creates vulnerabilities for hacking and phishing/pharming scams

PCI-DSS
Payment Card Industry Data Security Standards
- PCI Standards Council: American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International
- The protection of cardholder data anywhere it resides within, or is transmitted by, a merchant’s system.
- Enforced by credit card companies, not governments - yet
- Non-compliance can result in fines, restrictions of credit card services and loss of consumer confidence

PCI?.. Yes!
- Credit card companies don’t want to foot the bill for retailers’ data security breaches
- They’ve pushed the liability down to the retailers
- Compliance with PCI standards is voluntary, but even one mistake can be one too many!
- The good news: PCI standards are just sound network practices

Real Security Is More Than PCI
- Compromised systems run slower or fail completely
  - What will 1 minute lost per customer cost in employee expenses and customer loyalty?
- Liability judgments come right off the bottom line
  - Data breaches cost $350 per lost customer record*; what would such a loss cost you?
- Each additional connection to your network increases your exposure exponentially
  - Do you know how many users your vendors allow to access the system?
  - What % of your outsourced services are fulfilled by contract/fractional staff?
- Catastrophic data loss can be fatal
  - 93% of companies that experience “significant data loss” are out of business in 5 years**
* Gartner, 2006
** U.S. Bureau of Labor

Security Considerations in Retail Solutions
- Global management: Can you see and control access to your network and databases down to the user level?
- Network traffic “lanes”: Can you segment and control different kinds of network traffic based on security levels (i.e. transactions from outsourced call center vs. O&O storefronts)?
- Activity controls: Can you permit or deny different types of network activity (i.e. accessing financial information)?
- Content filtering: Can you accept or reject different file types and Internet content (i.e. music files and video downloads)?
- Stored data protection: Can you secure and preserve customer and proprietary data across your organization so that it doesn’t get lost or corrupted?
- Wireless network access: Can you secure your premises equipment from being used/accessed from the street?
- Inappropriate content in the workplace: Can you prevent the use of gambling or other online shopping sites from appearing in the workplace?
- Digital Signage: Can you secure your premises equipment from being disrupted/misused?
- VoIP: Can you protect telephone-based business on this Internet-based platform?

Basic Secure Network: Single Location
[Diagram. Labelled components: Storefront POS, Store Admin, CDP, Wireless Inventory Mgt., Warehouse / DC, Network Mgt., Firewall, Bank.]

Basic Secure Network: De-Centralized Multi-Storefront
[Diagram. Labelled components: Storefronts, POS, Store Admin, CDP, Warehouse / DC, Wireless Inventory Mgt., VOIP Call Center, E-commerce Site, Secure Wireless, HQ, Network Mgt., Kiosk, Outside Sales / Service, SSL-VPN, Vendor, Bank, Firewall (three).]

Basic Secure Network: Centralized Multi-Storefront
[Diagram. Labelled components: Storefronts, POS, Store Admin, CDP, Warehouse / DC, Wireless Inventory Mgt., VOIP Call Center, E-commerce Site, Secure Wireless, HQ, Network Mgt., Kiosk, Outside Sales / Service, Vendor, Bank, Firewall (three).]

SonicWALL Reference Customers
- Jenny Craig
- Big Dog Holdings
- Kemeny's Food and Wine
- Big Save Furniture
- Panda Express
- The Body Shop
- Patagonia
- Bubba Gump Shrimp Restaurants
- Rent-a-Center
- Van Cleef & Arpels
- Health Business Systems (Pharmacy)
- The Walking Company
- The Wet Seal
- Holiday Inn
- IHop
- Ace Hardware

Summary
- Your key business initiatives probably have an information technology component
- Network and information security is essential to protecting your business
  - Customer relations
  - Profitable operations
- SonicWALL has proven solutions for every aspect of information security in retail environments