Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Retailers Challenged by Mobility, Securing POS Systems

McAfee and global research and advisory firm IHL Group released a report examining how retailers are reacting to the challenges of managing and protecting store systems.

McAfee and global research and advisory firm IHL Group released a report examining how retailers are reacting to the challenges of managing and protecting store systems.

“The retail storefront has gone through many changes over the last decade, but one thing that hasn’t changed is that customers are looking for a seamless and positive shopping experience,” said Greg Buzek, President at IHL Group, in a statement. “Customers want to be able to buy, fulfill and return anywhere. When done right, the introduction of mobile devices within the store can help enhance the customer experience but comes with expanded risks.”

These changes have caused two significant events to occur – the increased sharing of information between different types of devices, and the need to be able to share information wirelessly within the store, according to the report. Complicating matters is the growing sophistication of criminals looking to compromise retailer systems and complying with requirements of the PCI DSS standard.

In February of 2013, IHL Group surveyed a group of 66 executives in the retail and hospitality industries in North America.  Among Tier I retailers, there were an equal percentage (38 percent) using a whitelisting approach as opposed to antivirus to protect their point-of-sale (POS) systems.

“When we look further into those over $5 billion in revenue, the difference between the two approaches widens significantly with 47 percent choosing a whitelist strategy compared to 26 percent selecting the antivirus strategy, a difference approaching 2x,” according to the report. “This data clearly suggests an ongoing strategy change around securing POS systems. When we consider the drivers section…and then consider the key benefits of whitelisting, we see a strong correlation between security concerns and strategies for addressing those concerns.”

“No survey respondents below $250 million in revenue noted the use of whitelisting, though two-thirds utilized antivirus/anti-malware software to secure their POS systems,” the report added.

The study also revealed that retailers understand PCI compliance, but struggle when the amount and variety of store systems increases to provide the necessary security and compliance management. On average only 22 percent trust the POS system manufacturer to provide security, according to the report.

“The retail storefront has undergone significant changes to deliver convenience and speed to the customer,” said Tom Moore, vice president of worldwide embedded sales at McAfee, in a statement. “Data breaches are not new to this industry, but the expanded footprint of systems like kiosks and digital signs to the mix is adding complexity to the environment. This research validates that the security concern is real and that retailers need to provide a secure experience for their customers.”

Advertisement. Scroll to continue reading.

The report is available here

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Compliance

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Compliance

Web scraping is a sensitive issue. Should a third party be allowed to visit a website and use automated tools to gather and store...

Cloud Security

Proofpoint removes a formidable competitor from the crowded email security market and adds technology to address risk from misdirected emails.

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...