News & Events
PCI Compliance Top of Mind in Retail IT Operations; Bit9 Offers Advice for Achieving PCI Compliance at the Point of Sale
06.12.2007 - Cambridge, Mass. - Did you know that 4 out of 5 cardholder data breaches occur at the point of sale? As the technology used by merchants and their partners has evolved, card fraud has become more sophisticated, and any business that stores or transmits cardholder account data is a potential target. In response to this evolving threat, the major credit card companies have created a set of security standards, known as the Payment Card Industry Data Security Standards or PCI DSS, to protect their customers from security breaches and identity theft.
“The PCI Data Security Standards are designed to thwart identity theft and fraud by establishing controls around how customer data is handled within a company’s information architecture,” said Tom Murphy, Chief Marketing Officer and Vice President of Products and Services at Bit9, a leading application and device control solutions provider. “These new guidelines place requirements on systems that stretch from the central data repository all the way to the point of sale.”
Merchants everywhere are under extreme pressure to comply with the PCI Data Security Standards or risk financial penalties and negative press. The key challenge is how to protect cardholder data on a point-of-sale (POS) system without a dedicated network connection or on-site IT staff to patch security vulnerabilities and update antivirus signatures.
A recent webinar hosted by Bit9, entitled “Achieving PCI Compliance at the Point of Sale,” detailed the challenges of securing a POS system, including identifying unauthorized software, locking down systems, auditing files, and preventing data leakage.
“As companies work their way through these guidelines, many are discovering their greatest exposure is at the endpoint,” Murphy noted. “PCs deployed in the field, at stores and retail outlets, and at remote locations are more susceptible to hackers and malicious software.”
For example, USB ports and portable storage devices make it easy for store clerks to install unauthorized software and copy confidential information. And, thieves have narrowed in on point-of-sale register software with known vulnerabilities and have exploited these holes to gain access to sensitive cardholder data.
Murphy noted that Bit9’s retail customers are protecting data at these endpoints where it is most vulnerable by locking down PCs to a standard software configuration known as a “whitelist.” Because this whitelist is controlled centrally, PCs can not be modified in the field. Any and all unauthorized software is prevented from running and access to personal storage devices is brought under control. Malware, spyware, and rogue applications and devices are all blocked to ensure the integrity of the computer and its critical data.
For more information on achieving PCI compliance at the point of sale, including a free whitepaper, visit the Bit9 web site. Bit9 offers the most powerful solution for application and device control, giving customers the ability to lock down software and information on store systems, corporate desktops, and laptops in a way that is not only realistic, but easy and efficient. For more information, call Bit9 today at 617.393.7400 or visit the web site at www.bit9.com.
About Bit9, Inc.
Bit9, Inc., the leading provider of application and device control solutions, centrally controls which applications can and cannot run. Bit9’s award-winning, patent-pending technology delivers the easiest and most effective way to achieve Windows desktop lockdown, enabling IT professionals to realize the highest levels of desktop security, compliance, and manageability. Founded in 2002 by the founders of Okena (acquired by Cisco Systems (NASDAQ: CSCO)) and headquartered in Cambridge, Massachusetts, Bit9 is a privately held company. For more information, visit http://www.bit9.com.
Contact:
Tom Murphy
Bit9, Inc.
617.393.7410
tmurphy@bit9.com
