Security at the Point of Sale

Cash, cards, inventory and customer data intersect at the point of sale. Here's how to keep your defenses up to date.

1 2 Page 2
Page 2 of 2

For instance, chip-and-PIN technology for credit cards, prevalent in Europe, is more secure than using classic magnetic-stripe cards. TJX Vice Chairman Donald Campbell told The Boston Globe in late August that he'd like to see retailers, banks and card issuers pool their resources and upgrade all cards and readers to the chip-and-PIN system. The cost: about $2 per credit card and as much as $500 per reader, multiplied by 12 million readers. Campbell told the Globe that it would probably cost TJX $20 million to upgrade to chip-and-PIN readers. (TJX did not respond to a request for comment for this article.)

Economic downturns, cost obstacles and technology weaknesses aside, retailers will continue to battle the threats they face. And vendors will continue to try to make it easier to battle those threats. IBM, on October 1, announced its new SecureStore initiative, which aims to help store owners better manage their technology centrally. Evans says that part of IBM's motivation for the announcement is to address the scale problem that retailers face, when trying to upgrade and monitor systems spread out at literally thousands of stores, with perhaps tens of thousands of points of sale. The intent is that companies can use IBM server and management technology to do remote upgrades and monitoring of systems to identify situations such as an open wireless network, and then fix it.

"The current model of delivering security to customers is broken—the customer just wants security to go away," Evans says.

IBM's management effort is not the first, but Kilcourse says it was probably more holistic than others on the market.

La Senza's Marcotte is a likely adopter of SecureStore offerings. He's already using some of IBM's security software, and he's placed a purchase order for IBM's Tivoli management system to help centralize upgrades and monitor the company's roughly 1,000 point-of-sale systems across 350 stores.

Being able to monitor and do software upgrades remotely would be a plus, he says, especially since La Senza tends to upgrade its point-of-sale terminals roughly every three years, which he calls "heavy work" for the six people who work on point-of-sale security at the company.

"This centralized approach will be huge," says Marcotte.

Of course, centralized management creates a single target for hackers to attack. But in security, there are always trade-offs. ##

Copyright © 2008 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Make your voice heard. Share your experience in CSO's Security Priorities Study.