PCI Compliance
What Is PCI Compliance?
The Payment Card Industry (PCI) council, consisting of the top five payment brands - American Express, Discover, JCB, Mastercard and Visa - has published a Data Security Standard to prevent credit card theft. The PCI standard outlines mandatory security requirements for wired and wireless networks, as well as guidelines on how retailers must audit their networks and report compliance with the requirements. As of January 1, 2007, a new Data Security Standard - v1.1 - went into effect, and all retailers must now comply with this standard. The PCI data security standard can be found at https://www.pcisecuritystandards.org/.
Why Should You Care About PCI Compliance?
On May 4, 2007, every retailer's worst nightmare was realized when The Wall Street Journal published a front-page article on the TJX security breach that resulted in more than 45 million credit/debit card numbers being stolen. Hackers belonging to a crime ring attacked TJ Maxx stores from a mile away, using the in-store wireless network (used for inventory tracking) as the entry point into the data center.
Like TJX Companies, retailers who are not PCI compliant or do not have the necessary security controls to thwart network breaches are at risk. The loss of credit card data, or being found out of PCI compliance, has a damaging effect on any retailer's business in multiple ways.
- Loss of consumer confidence, which equates to loss of sales
- Fines imposed by banks upon a breach, estimated at ~$160 per credit/debit card record stolen. However, if PCI compliant, a safe harbor clause applies and no fines are levied.
- Fines imposed by banks when found out of compliance - estimated to be $10,000 a month or up to $500,000.
The recent media coverage on credit card theft has sparked a renewed focus on securing networks and consumer information. This is why retailers are moving as quickly as possible to shore up wireless security and to assure PCI compliance, before Visa fines for non-compliance escalate in September 2007 and before their brand and share values are adversely affected by security disasters.
Protect Your Customers and Your Business
The crux of the issue for most retailers is the cost and complexity associated with meeting stringent PCI compliance requirements. Specifically, Retail IT has the tough job to:
- Balance mobility and security, where access is open for business applications yet closed to hackers
- Retro-fit legacy wired and wireless networks to meet the security and mobility needs
To achieve the above, store and warehouse networks have to be re-architected or, worse, require a forklift upgrade. New network security functionality has to be added. The multiplier factor in retail makes it even worse. A $1,000 cost per store for a 1,000 store chain equates to a $1,000,000 charge to the company's bottom line.
Aruba Networks has pioneered a unique approach to painlessly and cost-effectively address PCI requirements. With an integrated solution for security and wireless/wired access, retailers can enable the necessary security for PCI compliance and enable business applications at the same time - without upgrading legacy networks.
Aruba provides an end-to-end solution to ensure your wireless LAN meets stringent PCI compliance requirements and, more importantly, that your network is protected. From gap analysis to identify potential security holes, through solutions for remediation, to monitoring and auditing for ongoing compliance, Aruba has you covered.
Aruba's RFProtect Mobile enables your IT staff to conduct detailed vulnerability assessments. By scanning the air, the RFProtect Mobile automatically detects your wireless LAN security posture and compares it to requirements defined in the PCI Data Security Standard (DSS). The output is a PCI gap analysis report.

Aruba provides the most cost-effective solution to meet stringent PCI compliance requirements for wireline and wireless networks and client integrity. Aruba overlays on top of legacy networks to add a security envelope with built-in firewall, wireless IPS, VPN, client integrity and wireless encryption capabilities. Existing and new mobile applications can be securely supported with Aruba's device-agnostic, application-aware network.

Aruba's RFProtect Distributed and integrated Wireless IPS maintain logs and results from periodic scans to ensure ongoing compliance. In the event that unexpected out-of-policy conditions are detected, your security and network administrators can be automatically notified. Daily, monthly or quarterly reports can be generated for your PCI auditors.



