If you own a retail store and accept credit card transactions, then you are undoubtedly aware of the PCI DSS regulatory requirements that you must meet. If you manage a distributed retail environment with multiple store ‘endpoints’ than you are not only aware of the PCI DSS requirements, but likely challenged with what can easily be one of the most complex IT environments for unified security and compliance management.
The distributed retail environment presents a multitude of unique IT challenges that stand apart from a more pedestrian single-store infrastructure; business pressures are forcing retailers to be more agile, more aggressive, and more efficient. To remain competitive, retailers have to invest in IT systems that help retain and nurture customer and brand loyalty, as well as increase sales and, simultaneously, reduce operating costs. No easy task to be sure!
So what does it take to meet the PCI DSS protocol? Simple… you meet these 12 requirements:
Build and maintain a secure network:
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
Protect cardholder data:
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
Maintain a vulnerability management program:
- Use and regularly update antivirus software or programs
- Develop and maintain secure systems and applications
Implement strong access and control measures:
- Restrict access to cardholder data by business need to know
- Assign unique IDs to each person with computer access
- Restrict physical access to cardholder data
Regularly monitor and test networks:
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
Maintain and information security policy:
- Maintain a policy that addresses information security protocol for all personnel
Any retailer found to be non-compliant may face substantive financial penalties, regardless of whether or not a breach has occurred. Typically, fines for non-compliance are levied based on the size of the retailer, but in some cases, a credit card provider reserves the right to expel a retailer from its program, thus effectively cutting off acceptance of that vendor’s credit card. Therefore, it is critical that a retailer maintain PCI DSS compliance.
One way to protect yourself and your distributed retail environment is with a UTM system (preferably from WatchGuard). UTM systems provide unparalleled firewall protection to control data traffic in and out of a distributed network. Additionally, UTM systems protect against unauthorized access from the Internet and include integrated IPS to prevent hackers from gaining access to internal resources.
Specifically designed for distributed retail environments, our RapidDeploy solution is a unique cloud-based configuration utility that enables uniform, rapid deployment of UTM security appliances across a distributed environment. This eliminates the need for IT professionals to pre-configure devices or travel to deployment sites for installation, which significantly reduces total cost of ownership, while also reducing the risk of UTM misconfiguration.
UTMs also offer gateway antivirus protection, and with a security subscription it’s updated automatically and seamlessly. And at WatchGuard, our UTM security supports extensive policy controls. This way, distributed retailers can maintain and enforce uniform policies across a variety of geographic locations. With our LiveSecurity service, your UTM security solution provides best practices and related security updates for retailers to ensure they are up to speed on the latest security developments.
Today’s distributed retail environment architecture is one of the most challenging IT environments, rivaling that of banks and financial institutions. While the distributed retail environment offers substantive business advantages, such as increased sales, improved customer loyalty, and operational efficiencies, it also poses significant challenges. With a smart UTM in place, you can spend more time generating sales, and less time worrying about PCI DSS compliance.