NEW YORK – Now that retailers have stocked their shelves, decked out their aisles and halls and put in place discounts for in-store and mobile shoppers, it's critically important for them to secure point-of-sale online and mobile systems. As retailers - from large chains to mom and pop operations - gear-up for the holiday shopping season, Verizon is offering security tips that should be at the top of every retailer's holiday checklist.
"We know from Verizon's 'Data Breach Investigations Report' that retailers - which benefit from the lion's share of consumer spending over the holidays - are among the most vulnerable to cybercrime and theft," said Scott Eason, vice president of retail and financial services for Verizon Enterprise Solutions. "Taking stock of vulnerabilities and putting some simple practices in place will help retailers protect their customers and assets."
Here is a list worth checking twice to bolster security for retailers' operations and customers:
- Maintain current compliance with Payment Card Industry Data Security Standards. (PCI-DSS). Compliance with PCI-DSS requires continuous adherence. This means a daily log review, weekly file-integrity monitoring, quarterly vulnerability scanning and annual penetration testing. To maintain continued compliance, Verizon recommends designating an internal PCI "champion" so that compliance becomes part of daily business activities during the holidays -- and every day.
- Self-validate very carefully - or entrust it to a credible expert. Top-tier merchants - which process the highest volumes of cardholder transactions - are allowed to assess themselves against the PCI standards. But due to the numerous issues and conflicts of interest this can cause, Verizon recommends that an objective and credible third party validate the scope of the assessment or perform the testing.
- Only use third-party security vendors who are credible experts. Verizon's "Data Breach Investigations Report' analysis revealed that small businesses and franchises of large chains are most vulnerable to cybercrime. If a third-party vendor manages a retailer's POS systems, the retailer should ask the vendor to confirm that PCI compliance measures are in place.
- Educate employees so that they can recognize security breaches and help keep security measures active. In addition to designating an internal PCI champion to ensure that the PCI security standards are being adhered to, employee education is critical for recognizing telltale signs of a breach and to understanding that prevention measures are working.
- In the era of omni-channel retailing, ensure that online and mobility channels are secure. Protect public-facing Web assets, which are great for attracting customers, but also magnets for cyberthieves. Protect in-store mobile assets through mobile-device management that can authorize approved employee access to corporate information, encrypt data, protect against viruses, and remotely lock and wipe devices of critical corporate information.
- Frequently change administrative passwords on all point-of-sale systems. Hackers constantly scan the Internet for guessable passwords, so avoid using POS systems to browse the Internet.
- Implement a firewall or access control list on remote access and administration services. If hackers can't reach a retailer's system, they can't easily steal from it.
"There will be many opportunities throughout the holiday season for mischievous hackers, thieves and other bad actors to breach retailers' systems," added Eason. "For retailers, taking steps to ensure they're protected will be essential to keeping cash registers ringing, Web transactions shipping and digital wallets pinging with confidence."
Verizon Enterprise Solutions creates global connections that help generate growth, drive business innovation and move society forward. With industry-specific solutions and a full range of global wholesale offerings provided over the company's secure mobility, cloud, strategic networking and advanced communications platforms, Verizon Enterprise Solutions helps open new opportunities around the world for innovation, investment and business transformation. Visit verizon.com/enterprise to learn more.
Verizon Communications Inc. (NYSE, Nasdaq: VZ), headquartered in New York, is a global leader in delivering broadband and other wireless and wireline communications services to consumer, business, government and wholesale customers. Verizon Wireless operates America's most reliable wireless network, with nearly 96 million retail customers nationwide. Verizon also provides converged communications, information and entertainment services over America's most advanced fiber-optic network, and delivers integrated business solutions to customers in more than 150 countries, including all of the Fortune 500. A Dow 30 company with $111 billion in 2011 revenues, Verizon employs a diverse workforce of 184,500. For more information, visit www.verizon.com.