"Financial Service Technology America, today's latest financial news now..."
PCI compliance and data security for retailers

IronPort | www.ironport.com


Like most organizations, retailers use email as a key means of communication, between employees as well as with outside suppliers, processors and vendors. However, high volumes of email traffic across an organization’s network can make it difficult to maintain data security. This is especially important for organizations that process, store, or transmit any credit or debit card information.

Securing Sensitive Information
Breaches of security around credit card information deeply erode customers’ trust and willingness to buy, and even a single incident can cost a merchant millions of dollars. To mitigate credit card security vulnerabilities, the major payment card companies have developed the Payment Card Industry Data Security Standard (PCI DSS). All merchants that transmit, process, or store credit or debit card information – whether in-store, in the back-office, or online – must act in accordance with PCI DSS. If they do not comply, they risk significant fines of up to $500,000 per incident, and the loss of their ability to accept credit card payments.

Avoiding Multi-Channel Malware
Malicious software that sends spam, installs keyloggers, and steals sensitive data is on the rise – and becoming more adaptable. Malware is now commonly spread via multiple methods, including “drive-by” downloads (where a trusted webpage that was hacked inserts malicious code onto viewers’ computers via the Web browser), link emails and a growing number of formats for seemingly legitimate email attachments.

Merchants need to ensure that employee Web use and email communications won’t put them at risk of a credit card security breach or violation of PCI DSS. Keeping their security solutions and infrastructure easy to use and maintain, while still protecting their margins, are also top priorities.

SOLUTIONS AND FEATURES
IronPort® Systems offers leading Internet gateway technology to help merchants ensure that sensitive information is handled securely when transmitted via email.

IronPort has fully integrated PCI DSS compliance for email in its IronPort AsyncOS™ operating system. To make compliance simple, IronPort email appliances offer:

  • Identification and secure encryption of credit card information included in any part of an email message
  • Regular, automated Sophos and McAfee anti-virus updates, as well as IronPort Virus Outbreak Filters™ for immediate protection
  • Centralized management, compliance monitoring, and reporting capabilities
  • Easy setup and hassle-free maintenance

In addition, IronPort can help make corporate Web use significantly less likely to lead to infiltration by malware designed to obtain customer and credit card information. IronPort technologies to safeguard Internet use include:

  • IronPort URL Filters: Unique combination of a high-performance scanning engine with the industry’s broadest Web database to provide a fast and accurate content filtering solution.
  • IronPort Anti-Malware System: Optimized for exceptional performance, integrated into a single appliance solution, and built to be fast and accurate, it relies on a less computationally-intensive single scan to evaluate for multiple threats.
  • IronPort Web Reputation: Tracking technology that helps protect against a broad range of URL-based threats by asking a simple but powerful question – “What is the reputation of the URL?” – and analyzing hard-to-forge data that can determine a great deal about a URL’s trustworthiness.
  • IronPort Web Security Monitor: A real-time threat monitoring and reporting system that is integrated into every IronPort Web security appliance, it tracks all network traffic to identify a broad range of Web security threats.

Web Protection
In today’s highly competitive environment, retailers must not only differentiate themselves, but also protect their companies and their names from litigation and other hazards. They cannot afford to have their operations hampered by IT resource issues or security threats. And inappropriate material from the Internet that appears on the company network can expose them to legal liability. Yet retail employees often need to communicate with suppliers or customers via a Web-based interface or otherwise use the Internet. In that case, IronPort Web security appliances offer protection from spyware and other Web-based threats.

IronPort Web security appliances combine sophisticated technology and IronPort’s Dynamic Vectoring and Streaming™ (DVS) engine to filter URLs, Web reputations, and malware on a single appliance – without compromising performance or speed. IronPort Web security appliances also monitor outbound threats across all TCP ports. Robust management and reporting tools make the IronPort S-Series™ of Web security appliances easy to administer and provide complete visibility into threat-related activity.

Email Security
Merchants depend on email to communicate between employees in different branches, as well as with suppliers and other fulfillment providers. However, significant risks are posed by transmitting customer information or credit card information via email. IronPort email security appliances offer a highly sophisticated way to combat these risks.

In use at top ISPs and many of the world’s largest enterprises, IronPort products have a demonstrated record of unparalleled security and reliability. To protect organizations of all sizes, the same code base that powers IronPort’s most sophisticated customers is available in all of IronPort’s email security appliances. The integrated, multi-layer anti-spam and anti-virus technologies – which include IronPort Virus Outbreak Filters and McAfee and Sophos tools – are frequently and automatically updated. Hassle-free to maintain, they ease the burden on IT staff and reduce the downtime associated with viruses, spam and a wide variety of other threats.

Integrated Scanning and Remediation
Additionally, IronPort’s email security appliances offer retailers proactive protection for sensitive customer and credit card data transmitted via email. Integrated scanning and remediation mechanisms filter for this information, and automatically encrypt it to keep it secure.

Content Filters and Attachment Scanning
IronPort email security appliances include an integrated scanning engine that can process more than 400 attachment types. To help ensure compliance with PCI DSS, and with each retail organization’s individual security policies, the scanning engine’s flexible structure and easy-to-use interface make it possible to rapidly filter the content of email and attachments.

Smart Identifiers
Administrators can quickly configure IronPort’s appliances to scan for sensitive data strings being sent over email. Sophisticated filters can be set up to scan for valid credit card numbers, social security numbers, ABA bank routing numbers, and CUSIPs. Advanced algorithms ensure high accuracy as well as a low number of false positives.
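As an added illustration of how this kind of identifier scanning keeps false positives low (this is not IronPort's code, and the page does not say which algorithms the appliance uses), the sketch below assumes the standard Luhn check for card numbers and the 3-7-1 weighted checksum for ABA routing numbers. The sample message and all numbers in it are constructed.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")
# Candidate ABA routing number: exactly 9 digits standing alone.
ABA_RE = re.compile(r"(?<!\d)\d{9}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def aba_ok(digits: str) -> bool:
    """ABA routing checksum: weights 3,7,1 repeated, sum divisible by 10."""
    weights = (3, 7, 1) * 3
    return sum(int(c) * w for c, w in zip(digits, weights)) % 10 == 0


def scan(text: str) -> list[tuple[str, str]]:
    """Return (kind, masked value) for each checksum-valid match."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            # Mask so the hit can be logged without storing the full number.
            masked = digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
            hits.append(("PAN", masked))
    for m in ABA_RE.finditer(text):
        if aba_ok(m.group()):
            hits.append(("ABA", "*****" + m.group()[-4:]))
    return hits


# Constructed sample message body (test values, not real accounts).
SAMPLE = (
    "Order 1234567890123456 shipped.\n"
    "Card: 4111 1111 1111 1111, exp 09/12\n"
    "Wire to routing 123456780, ref 123456789\n"
)

if __name__ == "__main__":
    for kind, value in scan(SAMPLE):
        print(kind, value)
```

The 16-digit order number and the 9-digit reference look like identifiers but fail their checksums, so only the card number and the routing number are flagged.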

Automatic Encryption
Whenever outbound messages are detected that include sensitive information identified in an organization’s email security policies, the IronPort appliance encrypts them automatically. Flagged messages may be quarantined by administrators for review and to prevent data loss. Once messages are released, recipients can read them via a secure Web interface, without having to rely on additional hardware (e.g. tokens) or download any additional software. IronPort makes this possible with its powerful IronPort PXE™ encryption technology. Based on the strongest, most widely accepted encryption algorithms, including RC4 and AES, IronPort PXE technology provides secure, policy-based email encryption. It is easy to use for both senders and receivers, requiring no special client software, and is accessible from any email platform, including webmail, Outlook, Lotus Notes, etc. Integrated enrollment and key management eliminate the need for complex Public Key Infrastructure (PKI). IronPort PXE encryption technology is directly integrated on IronPort C-Series™ and IronPort X-Series™ appliances.

PCI DSS compliance functionality for email is included in IronPort’s AsyncOS operating system, which powers all of IronPort’s gateway security appliances. New, purpose-built email security appliances offer retailers a single, fully-integrated solution that combines traditional email security such as spam and virus filtering with functions such as policy creation, content scanning, message encryption and quarantining.

Policy Compliance and Security Management
To ensure compliance with the email component of PCI DSS and with customized security policies, retail organizations can benefit from being able to manage, store and monitor all corporate policy settings and audit information in one place. The IronPort M-Series™ security management appliance is the perfect complement to IronPort’s best-of-breed protection. Designed and built as a flexible management tool to centralize and consolidate important policy and runtime data, it provides administrators and end-users with a single interface for managing their email security systems. The IronPort M-Series ensures top performance and protects corporate network integrity by increasing deployment flexibility.

SUMMARY
To maintain brand loyalty and customer trust, and comply with key industry standards, retailers must keep customer information and credit card data secure – in a market that is becoming increasingly globalized, competitive and technology-intensive. Although increasing use of the Web and email to do business enhances retailers’ productivity and profits, it also offers potential security risks from malware, data loss and system intrusions.

HOW TO GET STARTED WITH IRONPORT
IronPort sales representatives, channel partners, and support engineers are ready to help you evaluate your needs and make your infrastructure secure, reliable, and easier to manage. To learn more about how IronPort’s email and Web security solutions can help protect you from threats to your brand reputation and bottom line and comply with PCI DSS, visit www.ironport.com or contact IronPort at 650-989-6530.

Click here to download a detailed paper on “PCI Compliance and Data Security for Retailers.”

