Express Computer
Home  »  archive  »  Tech Views  »  Safe Shopping: What it Takes

Safe Shopping: What it Takes

0 24

Retail shops are frequent targets of cyber theft but a secured buying experience is attainable with the right planning and technology, says Rajesh Maurya

Globally, the retail industry is among the top three industries to be targeted by cyber criminals. Due to the sheer number of merchants accepting payment cards, the relatively low level of security and the many attack vectors available, the number of breaches is large and continuously growing. The increasing use of mobile devices combined with the introduction of Near Field Communication (NFC) wireless technology and applications such as augmented reality only serve to exacerbate the problem.

Some of the most highly reported examples of cyber theft in the retail sector come from the US and include TJX, Subway and Barnes & Noble. The breaching of these merchants’ in-store wireless networks, point-of-sale (POS) systems and credit card readers resulted in tens of millions of credit cards being compromised and the loss of personally identifiable information, in addition to financial losses for those merchants. These large-scale incidents of cyber theft highlight the need for retailers to better secure their operations.

Modern retail security
Traditionally, retailers have been securing their stores by using either store-based routers with basic security functionality, or an overlay point security solution plugged into the store network, or a private WAN to bring all traffic back to the data centre for inspection. Each of these methods have their drawbacks, either for lack of functionality, inability to scale or excessive costs.

Instead, retailers should take a closer look at each of the four primary building blocks of a secured distributed environment, and take steps to address the particular issues faced by their organization at each of these levels.

1. Access: A s stores extend access to employees and consumers using mobile devices, ensuring secure access is critical. Secure access control through rogue access point detection, authentication, guest Wi-Fi services, rate limiting and load balancing is important.

2. Store: The individual store level requires security and connectivity for a wide variety of functions including Wi-Fi, voice and traditional network connectivity. With the addition of consumer connectivity, each store must also be able to provide security functions, such as anti-malware and application control.

3. Aggregation: This level is the destination for all data. Typically this is the retail headquarters. Core security functions such as firewall, application control and VPN termination take place here.

4. Management: Given the widely distributed nature of modern retail establishments, the ability to centrally manage and quickly modify the various security appliances guarding the organisation is essential. Having a security platform across the enterprise will allow this to be done effectively.

As part of this more in-depth security strategy, retailers should closely consider their options for implementing a network security solution that is both comprehensive and cost-effective. In order to address today痴 complex in-store security, the requirements of a strong IT security solution should include :

High performance to improve customer experience: With the growing number of endpoints and applications as well as higher data volumes, each in-store network must provide high performance for continuous credit card processing and POS connectivity to maximise the customer experience and interaction. High performance and low latency traffic flow is especially important during peak transaction periods.

In-depth defence for the in-store wireless LAN: In-store reps are increasingly being provided with wireless tablets to increase interactivity with customers, while some retailers are looking to differentiate services with wireless kiosks, flexible wireless digital signage and customer access through their own devices. The security solution must thus be able to provide the same levels of security to the wireless and wired parts of the network.

Migration to lower-cost public networks: The adoption of low-cost superfast broadband connectivity to stores and/or the use of a secure VPN over the public networks provide lower-cost operational alternatives to private WAN networks. However, leveraging public networks for store connectivity can expose retailers to additional security threats, so it is important that such connections are secure and that the encrypted traffic does not succumb to performance degradation when passing through the security devices.

Adoption of innovative in-store services: The use of advanced technologies make the retail environment more vulnerable to threats. Support of cutting edge customer applications such as the augmented reality applications used as customers move through the store and/or in-store Wi-Fi access to multi-channel retailing and loyalty schemes will become commonplace in the next five years. Security systems will have to scale to hundreds if not thousands of endpoints without incurring significant costs.

PCI-DSS compliance support: With in-store networks carrying credit card transactions, PCI compliance requirements must be satisfied. Security monitoring and rogue detection are explicit requirements in the PCI standard, so it is imperative that retailers are able to analyse user and device behaviour on the in-store network and respond to any threat. Event logging, analysis and reporting capabilities are essential to enable firms to demonstrate compliance with PCI-DSS and other regulations.

In order to remain competitive in today’s changing world, retailers will need to find innovative solutions to create value, fiercely reduce operating costs and mitigate risks throughout the business. For retailers with many geographically dispersed shops, secure network connectivity linking all sites to head office is critical to business operating processes. When the network is breached, IT services can become unavailable and data can be lost with serious consequences to the business.

Retailers therefore need to define a security strategy that addresses the key pillars of their distributed environment and ensure that their security infrastructure is not only robust,
but scalable, easy to manage and cost-effective. Only then can the organisation support multi-channel operations and innovative services such as customer access which will enhance user experience and drive the business – without increasing deployment costs or staff burdens.

Rajesh Maurya is Country Manager, India & SAARC, Fortinet

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image