Calls for Merchants to Increase Protections to Address Security and Privacy Concerns
SANTA CLARA, Calif., 8 April 2013 - McAfee today released Retail Reputations: A Risky Business, a report on the growing risks the industry is facing with both legacy and newer point of sale systems (POS). The report discusses how the retailing industry’s reliance on third parties for service and support is creating security vulnerability and privacy issues. Today’s advanced security threats mean that a retailer needs to be more than just PCI DSS compliant in order to protect customer information beyond credit cardholder data.
“The industry is very fragmented with a large base of smaller merchants utilizing secondary market or used point of sale systems,” said Kim Singletary, director of retail solutions marketing at McAfee. “Merchants who do not have a broader security and privacy focus are leaving themselves vulnerable to susceptible systems and processes. If security, compliance and privacy adherence were more transparent to consumers, then retailers could look at these things as business differentiators rather than obligations.”
System integrators in the retail industry are being asked to be certified by the PCI Council as a key component to the technology and service supply chain to resolve the inconsistent attention to security and vulnerable configuration issues that could lead to security compromise. Retailers need to be concerned with how they evolve customer engagement and ensure their security strategy and plans address the growing threat landscape. Securing POS systems from basic system functions to newer applications that utilize customer information is essential to protecting the retailer’s brand and reputation.
The McAfee report reveals that POS systems are updated too infrequently, creating vast windows of opportunities for criminals to find and exploit vulnerabilities. Once a new vulnerability is located, businesses using the same types of systems can be easily identified and targeted for attack. The vulnerabilities with POS systems that are not regularly updated increase the likelihood that consumers’ cardholder and personal data is at risk.
“Retailers have worked hard not to store cardholder data, however, they still maintain a great deal of specific proprietary customer data on their networks that are a potential treasure trove for criminals and identity thieves,” said Greg Buzek, founder and president of IHL Consulting Group. “When a security breach occurs, retailers are at risk of losing their customers’ trust and business.”
The report calls attention to the need for retailers to invest in protecting consumers’ information. McAfee recommends retailers implement higher levels of security to defend against advanced security threats such as:
The report also recommends retailers use orchestrated security management solutions for POS systems to reduce the burden of distributed system security monitoring and policy management.
To download a copy of McAfee’s retail reputation report visit http://www.mcafee.com/us/resources/reports/rp-retail-reputations.pdf
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), empowers businesses, the public sector, and home users to safely experience the benefits of the Internet. The company delivers proactive and proven security solutions and services for systems, networks, and mobile devices around the world. With its Security Connected strategy, innovative approach to hardware-enhanced security, and unique Global Threat Intelligence network, McAfee is relentlessly focused on keeping its customers safe. http://www.mcafee.com
Note: McAfee is a trademark or registered trademark of McAfee, Inc. in the United States and other countries. Other names and brands may be claimed as the property of others.