itbusiness.ca — In order to prevent identity theft in retail organizations the PCI data standard states that credit and debit card information cannot be stores by point of sales applications/terminals. Unfortunately, most point of sale providers never got the memo. Corporations have to sensitive protect data all the time - why is this any different?
Jun 27, 2007 View in Crawl 4
xposurenetworksJun 27, 2007Submitter
Corporations have to protect confidential information that is accessible through IP networks connected to the Internet every day. The principles surrounding the process to secure information is the same regardless of whether the information is stored in a gas station or head office of any major corporation. If point of sale providers cannot implement controls to eliminate the storage of confidential information within their applications - what do you do? Change point of sale systems? Throw the baby out with the bathwater? Not feasible. What is an order of magnitude less expensive is implementing proper security controls, processes and policies. By following best practices retailers can bridge the gap between PCI non-compliance issues and good corporate security...