December 13, 2007, 12:00 AM

Retailers monitoring broader scope of payments security data, expert says

While addressing the Payment Card Industry Data Security Standard for protecting consumers’ credit card information, more retailers are also considering other national and international standards, says Brian Contos, chief security officer of ArcSight.

Paul Demery

Managing Editor, B2B E-commerce

While preparing to meet requirements of the Payment Card Industry Data Security Standard for protecting consumers’ credit card information, retailers are getting more effective coverage by also considering other national and international standards, says Brian Contos, chief security officer of ArcSight Inc., a provider of enterprise-wide data security and compliance management applications.

“There’s been a great deal of maturity and awareness within the retail industry, which seems to be more comfortable now about monitoring data,” Contos says.

In addition to addressing the 12 security measures within the Payment Card Industry Data Security Standard, which determine how merchants should guard stored customer data from being stolen or otherwise compromised, retailers are reaching more effective levels of data security by also adhering to standards put out by the National Institute for Standards and Technology, which cover such methods as configuring authorized network access and establishing network firewalls, Contos says.

In addition, retailers are adhering more to standards by the International Standards Organization, which sets industry-wide best practices for business processes, Contos says.

“Most large companies are aware of these standards,” he says.

To help smaller retailers and other companies begin to take similar steps in data monitoring across multiple sets of standards, ArcSight recently launched ArcSight Logger, an application that sits on a retailer’s network and logs aggregated information on how stored data is accessed and maintained. With web browser access, users of ArcSight Logger can check for any unusual patterns in how stored customer data is accessed.

The ArcSight Logger can be used separately or along with the enterprise-level ArcSight ESM Compliance Insight Package for Payment Card Industry, which is designed to assist in the preparation of payment card industry data security audits.

Comments

Sign In to Make a Comment

Comments are moderated by Internet Retailer and can be removed.

Not a member? Signup for free today!

Advertisement

Advertisement

Advertisement

Relevant Commentary

FPO

Jason Squardo / Mobile Commerce

Five tips for achieving high mobile search rankings

Searches on mobile devices will soon exceed those on computers, Google says. Retailers that keep ...

FPO

Sergio Pereira / B2B E-Commerce

Quill turns to its B2B customers for new ideas

Coming in April is a new section of Quill.com that will let customers and Quill ...

Advertisement