December 13, 2007, 12:00 AM

Retailers monitoring broader scope of payments security data, expert says

While addressing the Payment Card Industry Data Security Standard for protecting consumers’ credit card information, more retailers are also considering other national and international standards, says Brian Contos, chief security officer of ArcSight.

While preparing to meet requirements of the Payment Card Industry Data Security Standard for protecting consumers’ credit card information, retailers are getting more effective coverage by also considering other national and international standards, says Brian Contos, chief security officer of ArcSight Inc., a provider of enterprise-wide data security and compliance management applications.

“There’s been a great deal of maturity and awareness within the retail industry, which seems to be more comfortable now about monitoring data,” Contos says.

In addition to addressing the 12 security measures within the Payment Card Industry Data Security Standard, which determine how merchants should guard stored customer data from being stolen or otherwise compromised, retailers are reaching more effective levels of data security by also adhering to standards put out by the National Institute for Standards and Technology, which cover such methods as configuring authorized network access and establishing network firewalls, Contos says.

In addition, retailers are adhering more to standards by the International Standards Organization, which sets industry-wide best practices for business processes, Contos says.

“Most large companies are aware of these standards,” he says.

To help smaller retailers and other companies begin to take similar steps in data monitoring across multiple sets of standards, ArcSight recently launched ArcSight Logger, an application that sits on a retailer’s network and logs aggregated information on how stored data is accessed and maintained. With web browser access, users of ArcSight Logger can check for any unusual patterns in how stored customer data is accessed.

The ArcSight Logger can be used separately or along with the enterprise-level ArcSight ESM Compliance Insight Package for Payment Card Industry, which is designed to assist in the preparation of payment card industry data security audits.

comments powered by Disqus

Advertisement

Advertisement

Advertisement

From IR Blogs

FPO

Bill Siwicki / Mobile Commerce

Should I PIN my hopes on Apple Pay?

I was excited for Apple Pay. And I still am. But boy did I ever ...

FPO

Adam Forrest / E-Commerce

Five online shopping trends to watch in the upcoming holiday sea

Retailers will engage more effectively with mobile shoppers in stores, pool cross-channel inventory and introduce ...

Advertisement