Retailers Not Doing Enough to Protect Financial Data: Survey
October 21, 2008 Alex Woodie
Despite the computer security requirements of the Payment Cardholder Industry (PCI) standard, consumers do not think retailers are doing enough to protect their vital data, suggests a new survey from Solidcore Systems. The survey from Solidcore, which supports the i OS with its real-time change control system, concludes that consumers would feel safer if an independent entity certified retailers, instead of an army of independent auditors who sometimes have different interpretations of PCI.
Solidcore says it surveyed the opinions of more than 500 consumers from different demographic backgrounds scattered across the country. The company did not provide a margin of error, which casts some doubt on the statistical validity of its findings. Taken with a grain of salt, however, the results are worth investigating, especially considering the well-documented struggles of many IT shops to comply with PCI.
Solidcore’s survey suggests that not all PCI remediation projects are equal, at least in the eyes of consumers. More than 80 percent of respondents to Solidcore’s survey say they believe some retail locations to be safer than others for using credit and debit cards, and nearly 75 percent say they won’t shop at outlets where they feel their financial or personal information may be at risk.
Consumers consider point of sale (POS) systems to be the weakest link in the electronic payment system, according to Solidcore’s survey. More than 40 percent of respondents say they worry that POS systems are insecure or at risk of fraud. By comparison, only 4 percent worry their receipt will be stolen.
Solidcore says 83 percent of respondents would feel more comfortable about shopping if there was a trusted third party in charge of certifying POS systems. “Currently no industry standard exists,” Solidcore says, “but retailers working with Qualified Security Assessors (QSAs) to implement security solutions can gain a degree of confidence that permeates the organization.”
Solidcore’s flagship product, called S3 Control, boosts security and helps with PCI compliance by continuously monitoring a variety of operating systems, databases, file systems, applications, and network devices for changes. Earlier this year, the Silicon Valley outfit rolled out support for i5/OS with S3 Control, providing System i shops with another layer of security on top of their change management and network security systems.
Solidcore’s results are timely, considering recent high-profile data breaches at TJ Maxx and others, the ongoing credit crisis, the consumer spending slowdown, and the looming holiday shopping season, which promises to be the most challenging for retailers in years.
The time for retailers to take action is now, says Anne Bonaparte, president and CEO of Solidcore. “Retailers that are truly concerned with protecting their brand must begin to place the highest priority on securing store systems, starting with POS systems,” she says.