A Perspective on Retail Payments Security

A Perspective on Retail Payments Security

The Bottom Line: Retailer Implications

● At a recent conference, Jeff Wilson (Principal Security Analyst at Infonetics), indicated that many of the major breaches in 2014 were identified (with over 2 weeks lead time) by security scanning tools. However, the reaction time and evaluation of alert messaging was stymied by process—inadequate noise filtering, escalation procedures, and communications channels resulted in the right people not knowing if new alerts were different from all the other alerts they were  receiving on a daily basis relative to potential severity and risk.

● Since new viruses and malware are created on an ongoing basis and scanning tools cannot necessarily identify or scan for viruses and malware that have not previously been identified, categorized, and studied, it is possible that many corporate systems have already been compromised without the knowledge of security teams.

● Thus, while the bad news is that it is probably not realistic to be able to prevent and mitigate very single threat to enterprise security, the good news is that there are a few basic steps that
can be taken to reasonably protect customer payment data, which comes with the important benefit of mitigating potential financial losses and reputational damage.

Read white paper (US)