Straight Talk On Data Security
WHY PCI COMPLIANCE IS NOT ENOUGH

Retailers are currently engaged in a dangerous and expensive game of catch-up with early-generation wireless technologies that were not designed with today's compliance requirements in mind. Yet the issue now is not compliance; it is security. While the industry focuses on meeting PCI goals, winning retailers see compliance as part of a larger set of issues – the ability to protect and ultimately please the customer.

According to Gartner, the incidence of identity theft has increased by over 50% since 2003. The impact on retailers is real; it is documented in today’s headlines. High-profile breaches at brand-name retailers have been exposed, resulting in millions of compromised credit cards and multiple millions in fines and lawsuits. Most recently, Hannaford was attacked, with over $4.2M worth of damage documented to date.

Keeping up with the dizzying amount of information and misinformation about achieving PCI compliance is a full-time job. The recent changes to PCI make it even tougher for retailers to keep pace with, or better yet stay ahead of, potential attacks on their most important asset – their customers. Make no mistake; those endeavoring to compromise your networks are not rookies having fun on a Saturday afternoon. The effort is well organized, well financed, and intensely motivated. Most importantly, security is not only a concern for those retailers running wireless networks. All retailers, regardless of the kind of network they run, must achieve compliance and also be concerned about security.

Consider the following:

The average cost for a data breach is increasing

  • The average cost is $300 per lost record, while the average cost to secure a personal data record is only $16/year. (Gartner)
  • The average total cost per incident was $6.3 million in 2007, compared to an average of $4.8 million in 2006 (The Ponemon Institute)
  • The cost of lost business increased by 30 percent to an average of $4.1 million in 2007 (The Ponemon Institute)






The cost of compliance is rising

  • PCI section (11.1): Scan compliance can cost $400-$1000 per store per quarter
  • Additional costs include: Consultants, contractors, and internal labor resources used to achieve compliance
  • Costs for auditing

Recent changes to the PCI requirements detail the impact on Wired and Wireless networks, Data Logging, Reporting, and the mandatory use of Intrusion Detection Systems. Perhaps the most impactful change to the PCI requirements is in section 11.1, which now mandates quarterly scanning of every retail outlet. This change alone, while prudent, can cause significant pressure on your resources and cost to your business. Dealing with the amount of data, correlating it, and turning it into useful information that enables you to proactively protect your business is even more complex.

Motorola & AirDefense can help mitigate the risks of security breaches, automate collection of data, correlate information to prepare PCI compliance reports, and help decrease the cost of compliance. Together, Motorola & AirDefense have successfully deployed security solutions for numerous retailers, with homogeneous or multiple-vendor environments. In addition, AirDefense was recently named the Best Intrusion Prevention System for 2008 by SC Magazine and was the only vendor to receive the Best Buy and 5 Star Rating in each of the rating categories.

Please join us on July 30, 2008 for dinner and an interactive discussion to better understand the real threats to your brand integrity and how to leverage PCI compliance best practices to create enduring and operational security.




Please RSVP By July 28, 2008
WWW.AIRDEFENSE.NET/RSVP/IL


*Safe without Wires: The Value of Securing Wireless Technologies Report, RSR, Sept 2007