Report: Data breaches linked to payment card security noncompliance
Basking Ridge, N.J. – A report released late Monday by Verizon Business found that data breaches are linked to a failure to comply with payment card security standards.
In a first-of-its-kind “Verizon Payment Card Industry Compliance Report,” the company examined the state of compliance with the Payment Card Industry Data Security Standard (PCI DSS), which was created in 2006 to protect cardholder data and reduce credit-card fraud. Company investigators found that breached organizations are 50% less likely to be PCI compliant and that only 22% of organizations were PCI compliant at the time of their initial examination.
In addition to assessing the effectiveness of the PCI DSS, the report, conducted in 2008 and 2009, identified which attack methods are most common and provided recommendations for businesses on earning and maintaining PCI compliance.
Other key findings included: While 78% of organizations are not compliant initially, on average, organizations meet 81% of the procedures required by PCI. In fact, three-quarters of the organizations met at least 70% of the testing procedures, meaning that with more diligence, they have a good chance of becoming compliant. Only 11% of organizations met less than half the testing procedures at the time of their initial review.
By reviewing the data against official PCI assessments, Verizon analysts determined that organizations that had a data breach are 50% less likely to be compliant with the standard than PCI customers, indicating that PCI compliance can help prevent data breaches.
According to the report, there is a correlation between data breaches and the difficulties companies face in complying with certain PCI requirements. Of the 12 requirements that comprise the PCI DSS, three of them — protect stored data, track and monitor access to network resources and cardholder data, and regularly test security systems and processes — cover areas that are most vulnerable to security breaches. However, those three requirements are also the same ones that companies struggle the most to meet for PCI compliance, according to the report.
By coupling PCI assessment data with the post-breach analysis, Verizon analysts were able to rank the top attack methods used to compromise payment card data: malware and hacking (25%), SQL injections (24%) and exploitation of default or guessable credentials (21%).
Borders names new merchandising VP
ANN ARBOR, Mich. – Borders Group announced that it is welcoming back Kathryn Popoff as VP merchandising, overseeing the promotion and merchandising of adult trade and bargain books. An 18-year retail industry veteran, she joined Borders Group in 2002 as director of multimedia. She was named director merchandising for adult trade books in 2004, and was promoted in 2007 to VP merchandising, a post she held until Nov. 2009.
Larry Norton, who formerly served as SVP merchandising, will transition into the role of SVP business development and publisher relations. Norton will now concentrate on long-term strategies to strengthen the book sector, including partnering with publishers and e-book provider Kobo to develop digital content with the overall goal of aggressively growing the company’s e-book business. He will also work with publishers on initiatives directly related to lowering costs and increasing efficiencies within the supply chain.
Children’s merchandising director Renee Rockwood, a merchant with more than 16 years of experience, will now oversee gifts and stationery, children’s toys and games and the company’s expansion of adult games and puzzles. In addition, Rockwood will continue to manage the merchandising and promotion of the children’s category.
Borders also recently welcomed 27-year book industry veteran Mike Ferrari as merchandising director trade books. Prior to coming to Borders, Ferrari served in a variety of capacities at Barnes & Noble, including director digital content for Barnes & Noble.com, director merchandising, divisional merchandising director, senior buyer and buyer on the corporate side.
Joanna Goldstein will move into the role of VP non-book merchandising, having previously served as VP marketing. In her new position, she will oversee the digital device and accessory category as well as calendar, newsstand and multimedia. Goldstein brings several years of experience to her new role having previously directed the merchandising and promotion of many of these categories.
Pfresh pause gives TGT time
Target doesn’t need to be in a hurry to return new-store construction to pre-recession levels now that it has the Pfresh remodel program to keep it occupied through 2012 and beyond. By year end, Target expects to have remodeled roughly 340 stores to the Pfresh format, which will give it a total of 450 Pfresh stores. Next year, another 400 remodels are on tap for the Pfresh conversion process, and with that pace expected to continue, Target will need all of 2013, 2014 and much of 2015 to complete the chain-wide remodeling program.
By the time the effort is complete, the company’s product mix is going to look very different than it does today, as food and other consumable products grow to account for an increasingly larger percentage of sales. This phenomenon is already taking place. At the end of the most recent fiscal year, the category of food and pet supplies had grown to represent 16% of sales of $65.4 billion compared with 13% of sales of $63.4 billion two years earlier. A similar situation exists with the category Target defines as household essentials. Sales in that category stood at 23% last year compared with 21% two years earlier.
Both categories are expected to be up even more sharply by the time Target reports its full-year results next spring, as results from the surge of Pfresh remodels completed this year are included along with the effect of increasing promotional activity in food and consumable categories, which have regularly been among the top performers at Target.