Security Threats, Hackers And PCI, Oh My!
The issues confronting retailing regarding new security regulations are daunting, to say the least, and could almost be considered oppressive. However, retailers have no option but to make the most of the myriad challenges facing them in these areas and turn challenges into wins. It is no easy task.
With regard to PCI (Payment Card Industry), Anne Marie Meyer, program manager, DSW Shoe Warehouse, got her call to take on the job of clearing up any compliance issues one day after a company breach. It was not an easy assignment.
As she noted during the Technology & Operations Store Summit (TOPSS) in Las Vegas in October, “The right decisions for the business and for security are not always the same—in the short run.” In the long run, though, having the processes and systems in place to make sure you know what customer information you have, where you have it and how many times it is replicated represents a key potential business benefit, as well as a mandate.
TOPSS is produced by Chain Store Age and Retail Technology Quarterly.
The questions retailers need to ask involve some major tasks: What personal and potentially PCI-relevant information do I have about my customers, and where do I have that information? Is it stored in one or in 100 different applications? Are there paper receipts stored in boxes in backrooms or warehouses that no one even knows about or remembers, yet that may contain critical information about consumers’ personal identification, including credit-card and Social Security numbers?
To address these tough questions, every retailer must create a strategy that encompasses the entire company. Meyer also made suggestions such as “starting a share group in your (geographic) area to learn together and help avoid mistakes. You may be competitors in the stores, but this is an area that can benefit everyone.”
Keeping Up With Legal Requirements
Benita Kahn, an attorney at law firm Vorys, Sater, Seymour and Pease LLP, discussed the latest laws and statutes facing the retail industry during the session “Legal Requirements on Retailers: How to Keep Up!”
Companies must comply with an abundance of legal requirements throughout the space, and in order to avoid potential liability, it’s important for retailers to stay on top of the game.
Kahn brought attendees up to speed on the latest laws enacted to address identity theft. Kahn also detailed compliance considerations for an array of marketing platforms, including new media (such as Facebook, MySpace and mobile marketing).
For more information on potential liability and what retailers should avoid, visit www.csatopss.com to download the presentation.
As difficult and frustrating as adhering to PCI requirements is, ensuring overall security against hackers and other major customer-information security threats is an even greater challenge, noted Eddie Schwartz, chief security officer for NetWitness. The task, he warned, represents a moving target, with hackers and thieves always developing new methods of attack. Yet retailers must have sensible, smart and dynamic policies and practices in place to keep from becoming an identity-theft victim.
One intriguing area he cited in particular had to do with encryption technology, which most retailers might think is the answer to solving PCI and other information security threats. “Believe it or not,” Schwartz said, “hackers love encryption and they use it extensively.”
Schwartz noted that encryption actually makes it more difficult for retailers to precisely and transparently monitor their own networks—not a good environment for protecting data and detecting break-ins, he warned.
Another increasingly common use of technology that he said represented a literal gold mine of opportunity for hackers to exploit is the use of Skype for Internet telephone calls. While it may come as a disappointment to the growing number of retailers and others using the technology to talk free across the globe, Schwartz said anyone who uses Skype is opening a Pandora’s Box for hackers to exploit their network and steal data.
He also noted that “Designer Malware”—software programs such as viruses that are created to hack into your network specifically—is not only on the rise but here to stay. “Hacking is lucrative, safe and not difficult [to accomplish], if you are not doing your job,” he told the roomful of retail and vendor attendees.
CompUSA may get a new look
ADDISON, Tx. After opening a new format store last month, CompUSA may be changing the format of its other stores, depending on customer demand and product interest.
According to reports, the elements found in the prototype store, located in Texas, will be incorporated into other CompUSA locations across the United States.
The nearly 7,700 square-ft. relocation site includes an Apple shop featuring Mac computers, iPods and Apple accessories, and a full-length LCD TV wall.
Additional expansions include extended gaming, which includes an entire wall devoted to the Nintendo Wii, PlayStation3 and Xbox 360 gaming platforms, plus a PC gaming setup to test equipment and play new titles.
While businesses can get their share of support with a specialized services section, all consumers can visit the store’s redesigned IT support area.
“This new store aligns CompUSA’s vision to better serve its three core customers, the technology enthusiast, educated professional and small and medium businesses,” said Gabriela Villalobos, the retailer’s sales and operations evp.
CompUSA announced in April that it would narrow its focus to three core customer groups rather than try to serve a mass audience.
The move was part of a comprehensive restructuring, initiated last February, that included an overhaul of senior management and the closure of half its store base as the privately held chain looked to improve sales and profitability.
Walgreens withdraws from CVS provider plans
DEERFIELD, Ill. After many months of talks over low and below-market payment rates by CVS Caremark for four prescription plans, Walgreens has withdrawn as a pharmacy provider from the plans.
Patients affected include members of prescription benefit plans managed by CVS Caremark for ArcelorMittal, Johnson Controls, Progressive Casualty Insurance and Wisconsin Education Association Trust.
Most of the affected members live in Illinois, Indiana, Michigan, Ohio and Wisconsin.
Trent Taylor, president of Walgreens Health Services, the managed care division of Walgreens, released the following statement:
“This is not where we wanted negotiations to lead,” he said. “We’re sorry that our pharmacy patients and CVS Caremark’s clients are caught in the middle, and we’ll do all we can to ensure a smooth transition for our patients to another pharmacy. Meanwhile, we’ll continue to work on resolving this issue with CVS Caremark.
“Leaving a benefits plan is an extraordinary step for us, but it demonstrates how extraordinarily low our payments were from CVS Caremark. We can’t continue accepting reimbursement rates that are drastically below market, while offering patients needed special services such as 24-hour pharmacy access and drive-thru pharmacies.”