Retail Industry Drivers and Challenges

Every encounter between a retailer and a customer offers an opportunity not only to strengthen brand but to boost loyalty by providing unique value through customer tailored products and services. To provide this differentiation, retailers must know their customer in-depth. However, the application and storage of this consumer information presents a growing potential exposure for the retailer.

The longstanding retailer concern of the protection of consumer credit card information is underscored by the recent indictment of hackers in " the theft and sale of more than 40 million credit and debit card numbers” from major U.S. retailers which is “believed to constitute the largest hacking and identity theft case ever prosecuted by the Department of Justice”.¹

Retailers may risk financial loss from the card network interchange bank fines, the card networks themselves and civil lawsuits. On top of that, as of November 2008, 44 US states had enacted security breach legislation laws², for which retailers must comply. Data breaches not only represent risk to consumers but also result in direct financial losses to retailers as well as potentially having a lasting impact on the retailers’ reputation and brand.

By minimizing these risks, retailers may better protect their corporate image, brand and consumer’s trust, ultimately ensuring a profitable business.

Industry Solutions

Lumension’s Security Management Solutions Secure Consumer and Financial Data at the Endpoint

Lumension’s security management software protects consumer information from insider threats and cyber criminals who target consumer credit card data by providing comprehensive vulnerability management, endpoint security, and data protection solutions enabling you to:

Challenge Lumension Solution
Achieve PCI Compliance Lumension® Compliance and IT Risk Management helps organizations achieve lower costs of compliance by automating IT audit workflows, harmonizing controls with policy requirements, and providing greater reports and visibility across IT assets for optimal security and compliance management.
Lumension® Vulnerability Management
helps businesses in meeting specific PCI DSS v1.2 requirements. In particular, Requirement 6: Develop and maintain secure systems and applications and Requirement 11: Regularly test security systems and processes, are areas addressed by Lumension Vulnerablility Management.
Lumension® Data Protection aids the implementation of strong access control measures. Specifically Data Protection may help achieve compliance with Requirement 7: Restrict access to cardholder data by business need-to-know
Data Protection also provides methods for securely encrypting data that may be of use in the “normal course of business” to help businesses achieve compliance with Requirement 3: Protect stored cardholder data.
Prevent data breaches By maintaining a patch management system such as Lumension® Vulnerability Management organizations minimize their exposed attack surface and reduce risk in accordance with generally accepted security practices.
Minimize the impact of data breaches If a breach occurs, encryption of the lost data may be critical to limiting the damage. Lumension® Data Protection and technology partnerships ensure encryption of data stored on a multitude of media.
Source:
  1. U.S. Department of Justice, August 5th 2008 (http://www.usdoj.gov/opa/pr/2008/August/08-ag-689.html
  2. National Council of State Legislatures, November 4th 2008, (http://www.ncsl.org/programs/lis/cip/priv/breachlaws.htm