PCI Compliance

Since a primary motivation for cyber attacks has been financial gain, credit card information has been a leading target for hackers. Naturally, payment card systems have become a favorite for cyber criminals eager to make a quick dollar, due to the amount of confidential information they send and receive every single day. Especially in our modern society, where online sales dominate and wireless/mobile payment systems are becoming increasingly popular, it’s become paramount to prioritize your security and gain trust with your customers.

IoT Creates a New Attack Vector

As wireless and IoT technologies become more commonplace, we’re observing a shift in retail from wired to wirelessly connected devices. From PoS systems to inventory scanners, these devices are all now sending confidential information through the airspace. As retailers adopt IoT to streamline their daily operations and create gains in productivity and convenience, the reality is that many of these IoT and wireless devices weren’t designed with security in mind. They are commonly designed with security as an afterthought, resulting in unknown backdoors and superfluous USB ports that hackers can easily take advantage of to compromise and gain access to the device. All of this presents a new challenge to retailers.

Our Approach

In late 2013, a massive US-based retailer suffered a critical data breach that compromised around 70 million credit and debit card records. This was in part due to a weakness in their wireless network that cyber criminals were able to exploit to steal confidential information. In May of 2017, the retailer finally reached a settlement for 18.5 million dollars. The result of such a large-scale data breach is clear: not only does it lead to costly fines, it will ultimately deteriorate brand reputation, harm stock prices, and threaten the trust between customer and retailer. Wireless security should be a priority not only to achieve PCI compliance but also to help preserve the integrity of the business itself.

As retailers broaden their deployments leveraging IoT, the wireless infrastructure becomes exponentially more complex and security risks increase. A passive approach is to deploy distributed sensors that do not connect to the Ethernet network and remain autonomous in the environment. This eliminates any direct risk to the cardholder environment or payment network, and allows risks and threats to be reported back to the cloud through an out-of-band method over LTE. The SaaS can report identified threats and notify the team for a quick time to resolution, and can apply automated mitigation approaches to minimize the window of opportunity for an attacker. This not only achieves PCI Compliance, but also provides an audit trail of activity and reporting for the IT and Security teams.