First Data’s Security Panel Offers Tips for Protecting Your Business

Seventy percent of all security attacks on retailers are aimed at swiping credit card data, according to RSA Solutions Development Director Robert McMillon.

Even more disturbing, McMillon said many of today’s solutions for merchants don’t work.

   

“You guys kinda suck at data security. I’m happy to be invited here to tell you that,” added his co-panelist, Securosis CTO Adrian Lane. “There’s a big difference between being compliant and secure.”

He explained there are both noisy and quiet security threats for retailers.

“Most of you spend your budgets on the noisy threats (spam, viruses). If someone is browsing around your database, that doesn’t get attention… There’s not as much interest in data theft,” he said.

Lane said retailers spend money on noisy threats, because they want to avoid negative publicity and high legal expenditures.

The panelists also broke down security tools into the widely deployed solutions (firewalls, anti-virus, signature-based IDS/IPS, vulnerability scanning, encryption, identity management, patch management) and those less frequently used (database security, SIEM, anomaly-based IDS, Web application, tokenization, data loss prevention, GRC).

Yet the panelists again stressed that many of today’s widely deployed solutions are, in reality, hardly effective.

“The bad guys have moved onto something new and attacking you in new and interesting ways. We’re not doing a good job of solving tomorrow’s problems, and that’s ’cause there’s so many possibilities of what those problems could be. The bad guys have a lot of smart people who are profit-driven themselves and whose goals are to get around your security,” said McMillon.

He added that 55 percent of all attacks intended to swipe data are highly customized, whether a worm, virus or other form. 

The pair touted tokenization as a key solution. Tokenization, they said, is the act of using a substitute value, or token, that has no inherent value in place of data that does have value.
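To make that definition concrete, here is a minimal vault-style tokenizer, added as an illustration and not taken from the panel or from any vendor's product. The `TokenVault` class, the `tok_` format, keeping the last four digits, and the in-memory dictionaries standing in for a hardened, access-controlled vault are all assumptions of this sketch.

```python
import secrets

def luhn_ok(pan: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    digits = [int(c) for c in pan][::-1]
    total = sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return total % 10 == 0

class TokenVault:
    """Hypothetical in-memory stand-in for a secured token vault."""

    def __init__(self):
        self._pan_to_token = {}
        self._token_to_pan = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        if pan in self._pan_to_token:        # same card always maps to same token
            return self._pan_to_token[pan]
        # The token is random, so no key or algorithm turns it back into the
        # card number; only a vault lookup can. The last four digits are kept
        # (an assumption of this sketch) for receipts and customer service.
        while True:
            token = "tok_" + secrets.token_hex(8) + "_" + pan[-4:]
            if token not in self._token_to_pan:
                break
        self._pan_to_token[pan] = token
        self._token_to_pan[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        # Caller authorization would be enforced here; it is not modeled.
        return self._token_to_pan[token]

def demo():
    vault = TokenVault()
    pan = "4111111111111111"                 # constructed sample test number
    token = vault.tokenize(pan)
    order_record = {"order_id": 1001, "card": token}   # what the merchant stores
    return vault, pan, token, order_record

if __name__ == "__main__":
    vault, pan, token, order_record = demo()
    print(order_record)                      # contains the token, never the PAN
```

A stolen copy of `order_record` exposes only the token and the last four digits; the card number is recoverable only by whoever can query the vault.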


National Retail Federation’s 100th Annual Convention & Expo

Sunday, Jan. 9

3) First Data’s Security Panel Offers Tips for Protecting Your Business (11:30 a.m.)
