With high-profile examples of retail card crime such as that of retailer TJX in mind, Harvey Nichols infrastructure manager Matthew Suddock described compliance with the new PCI-DSS credit card requirements as “very sensible.”
Suddock chaired a keynote session at security conference Infosecurity earlier today.
“Last I heard, TJX had lost $111m as a result of card data theft – with this in mind, retailers of any size can’t afford not to make themselves compliant,” he said.
Harvey Nichols has put a number of measures in place to ensure compliance with the standard, and has been working on them for the past two and a half years.
Suddock said one major change to the company’s processes has been to reduce the "breadth and depth" of card data retained by the company.
For example, the tills now record only truncated card numbers, and the network has been segmented into tills, wireless and PC sub-networks, so card information is siloed and cannot be passed from, say, tills to wireless.
Each sub-section of the network is managed separately and has its own firewall.
The company also felt that the credit authorisation process was not compliant and so now outsources this to secure card payment specialist The Logic Group.
Other processes such as anti-virus and patch compliance on tills needed to be tightened up, which has seen LANDesk’s patch management and Symantec’s anti-virus remit both extended.
However, Suddock said implementing technology for compliance was easier than changing the culture: “We have had to brief our operations managers and general managers in stores on the fact that dealing with card information is effectively dealing with cash and therefore incredibly sensitive.”
The company has also implemented Juniper products across its networks. These include an intrusion protection system, a secure access solution and a network security management system.