ITB BLOG

The 6 most effective security measures for retailers

Data breaches are in the news in full force so far in 2014.

First there was the colossal Target security breach that compromised over 100 million customer accounts and may yet impact hundreds of thousands of Canadian consumers. Now Merrillville, Ind. White Lodging services Crop. reports its point of sales systems used at hotel chains such as Marriott, Holiday Inn, Westin, Renaissance, and Radisson have suffered a suspected data breach. The data may have included customer names, credit card or debit card numbers, security codes and expiration dates. Fourteen hotel locations in the U.S. are affected.

In the wake of these breaches, the US banking and retail sectors are waging vocal fights to assign blame and pin responsibility on one another.

But what if there was a better way? We hear a lot about chip-and-pin (EMV cards) and the advantages of Canadian retailers vis-a-vis security, but is it really superior? As it turns out, yes, it’s useful and effective, but only in the presence of other layers of control. So let me take a crack at a simple list that would serve to provide Canadian retailers with an effective way to protect cardholder data. As such they need to:

1.    Comply with Canadian privacy law.
2.    Adhere to the PCI-DSS 3.0 standard.
3.    Adopt EMV payment systems.
4.    Employ intrusion detection technologies.
5.    Conduct employee background checks.
6.    Deploy physical security measures.

Although few Canadian retailers will confess to it, they’re scared because that’s the kind of publicity they don’t need. I don’t believe they have a false sense of security. I believe they are experiencing uncertainty in their ability to protect payment cards, and as such they have to make a decision: to invest in data protection, or not.

Claudiu Popa
Claudiu Popahttp://www.SecurityandPrivacy.ca
Claudiu Popa is a security and privacy advisor to Canadian enterprises, associations and agencies. He is an author, speaker and lecturer. Connect with him on Twitter @datarisk, Facebook, G+ or LinkedIn.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Latest Blogs

ITB in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.