Securing Consumer Confidence

Consumers tend to have long memories, particularly when it comes to news that can affect their pocketbooks.

One recent poll of 500 consumers illustrates how deeply consumers continue to worry about using their credit cards in retail environments when they aren’t sure data security systems are in place to protect them.

The survey, sponsored by retail data security systems provider Solidcore Systems, found that eight in 10 consumers believed that some retail locations are safer than others for using credit and debit cards, and 74 percent would not use their credit cards in stores where they felt their financial or personal information might be at risk. Forty-two percent said they worry that POS systems are insecure and at risk for fraud.

On the other side of the equation, 83 percent of respondents said that an industry standard like the Payment Card Industry Data Security Standard would make them more comfortable shopping with credit cards. But, as retailers know, implementing and maintaining PCI-DSS requirements can be a complex and costly process.

A poll of IT and PCI-compliance professionals conducted last spring by information security consultant Emagined Security, San Carlos, Calif., and Frederick, Md.-based Fortrex, a supplier of qualified security assessor (QSA) services, found that 57 percent had either experienced a PCI-compliance control deficiency in the past year or did not know if they had a PCI-compliance deficiency in their IT environments. Only 6 percent said they were “completely confident” that they would not suffer a data breach following a successful PCI-compliance assessment.

One of the primary reasons retailers lack confidence in their customer data security systems is the complexity of implementing and maintaining compliance with PCI-DSS security standards.

Mike Lewis is executive vice president and CIO of Ottawa, Ontario-based Giant Tiger Stores, a 185-unit family discount store chain. His company implemented Solidcore’s POS Check and Control Solution because it afforded the ease of working with “just one product to secure our POS systems while also ensuring comprehensive coverage of the PCI-compliance requirements across our distributed store systems.” Solidcore works by controlling access to all types of POS devices, ATM machines — even medical devices.

Seal of safety
San Diego-based NSS Labs, an independent security product testing and certification organization, concluded that Solidcore’s embedded software provided “extremely strong malware protection and prevented the unauthorized execution of 100 percent of 15,557 malware samples.” It achieved “a 100 percent score in maintaining host integrity and 99.98 percent in malware protection.”

To help its retail customers communicate the security benefits to consumers, Cupertino, Calif.-based Solidcore plans to launch a “seal of safety by Solidcore” security logo (similar to the Good Housekeeping seal of approval or the VeriSign online secured seal) early in 2009.

The Payment Card Industry Security Standards Council also is developing a secured seal, says Anne Bonaparte, president and CEO of Solidcore.