This page contains a Flash digital edition of a book.
16 LOSSPREVENTION&SECURITY

NATIONAL EXPRESS GETS ON ROAD TO COMPLIANCE

with the Payment Card Industry Data Security Standard (PCI DSS). For the international public transport

N

operator and UK household name, protecting customer data was imperative in terms of implementing controls around credit and debit card data in accordance with PCI DSS, as well as protecting its brand reputation.

But the review of its transactional systems was fi rst prompted by a project to add a two-factor 3D Secure authorisation system to its online payment systems, according to Martin Blackburn, director of IT systems development at National Express. “As part of looking at that process,

we wanted to look at PCI compliance,” Blackburn told Retail Technology. “We wanted to demonstrate to the acquirers and card schemes that we had an actively managed plan of action to achieve PCI compliance for our coach payment systems. So we wanted to move as quickly and cost-effectively as possible towards robust, secure and reliable systems.”

National Express selected card

transaction processing and security consultancy, The Logic Group to provide initial risk assessment through to compliance

ational Express is using third-party services to upgrade its payment systems and ensure compliance

certifi cation services. The provider also offered National Express the opportunity to outsource its payments service, dramatically reducing its scope for PCI DSS compliance. “Rather than having internal people

supporting payment systems, they can be focused on those systems that are hosted internally,” explained Blackburn. “At the same time, we’ve reduced overheads involving all the hardware, software and other infrastructure components that are handled by the managed service. Effectively, we have one less system to look after.” He added that having The Logic

Group’s dedicated specialists on-site helped minimised any potential compliance disruption. “We have to go through accreditation for each of the acquirers we do business with and the process did take longer than we expected – about three months. But if you get the right consultant on-site, the iterative development process can fl ow quite smoothly.”

Although the implementation was cost

neutral and is helping National Express avoid fi nes and other associated costs for non-compliance with the prescriptive PCI DSS standard, Blackburn added: “We are already seeing a reduction in operating costs. But most importantly a more secure service provision for our business is now in place.”

TOTTENHAM HOTSPUR 1 FRAUDSTERS 0

Tottenham Hotspur Football Club has recently signed identity verifi cation supplier, 192business to secure their site against fraudsters trying to purchase goods. By using 192business’ Prove-ID solution, Tottenham Hotspur is accessing a variety of databases such as credit reference data, to stop fraudsters but allow their genuine fans to continue shopping. Victoria Howarth, Tottenham Hotspur’s head of retail commented: “We have chosen

to work with 192business due to the need to make our website as secure as possible for the customers who shop with us. It is also about an additional layer of checks that help us to protect our business from the ever-present threat of fraud.”

RETAIL TECHNOLOGY MARCH/APRIL 2010

UK nursery retailer, Kiddicare wanted to safeguard customer data against possible security breaches, while complying with strict security standards, including the Payment Card Industry Data Security Standard (PCI DSS). In order to effectively control and manage its e-commerce solution, giving it the freedom to improve and develop the website, it was decided to deploy IBM Websphere. This gave the IT team more fl exibility, but the solution was unable to carry out the vital PCI and security checks the business required to operate. In April 2007, Kiddicare selected

QualysGuard, an on-demand vulnerability management and policy compliance system from Qualys, to scan all fi rewalls and web, application and database servers. QualysGuard allowed the IT team

to comply with new PCI regulations, automatically schedule scans every month to stay PCI compliant and run concise reports, which offer in-depth fi xes for vulnerabilities. “We’ve found QualysGuard really easy to use and very good value for money,” Barrie Ainsworth, head of IT at Kiddicare, told Retail Technology. “Qualys keeps us up-to-date with the latest PCI standards, it saves us money on expensive engineer fees and it gives us peace of mind of the data security for the business.” He also praised the work of

third-party consultancy, Salmon, which has also worked with Kiddicare to implement its Endeca, Venda and IBM- based e-commerce systems.

DATA SECURITY IS CHILD’S PLAY FOR KIDDICARE Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40
Produced with Yudu - www.yudu.com