Retail Security Solutions
Qualys is our main tool for PCI compliance. It helps to automate many of our tasks associated with PCI, from assessing relevant systems to providing our reports to the banks.
Network Engineer, Foxwoods Resort and Casino
After several years of high-profile retail and payment processor data breaches, attention to retailer IT security has never been so high -- and retailers have never been such a prime target for attackers. Retailer databases and point-of-sale systems are the targets of criminals looking to profit from any security hole that leads them to cardholder data, which they can sell in underground markets or use for transaction fraud and identity theft. All of these pressures come at a time when there is great strain to cut costs just to maintain an acceptable margin.
In an effort to help retailers, merchants, and payment card processors better secure their systems, the Payment Card Industry Security Standards Council (PCI SSC) established the Payment Card Industry Data Security Standard, known as PCI DSS. PCI DSS requirements apply to all payment card network members, merchants and service providers that store, process or transmit cardholder data. The standard covers all payment channels, including retail (brick-and-mortar), mail/telephone order and e-commerce. The core requirements are organized into six categories, as outlined in the figure below, and include building and maintaining a secure network, maintaining a vulnerability management program, and regularly monitoring and testing networks.
Retailers Avoid Penalties via PCI DSS Compliance
Penalties for non-compliance can be substantial. Non-compliant companies can be barred from processing credit card transactions or charged higher processing fees, and in the event of a serious security breach, fines of up to $500,000 can be levied for each instance of non-compliance. These fines are assessed by the card brands through the merchant's acquiring bank, which typically passes them on to the merchant.
One of the most important things a retailer can do to remain secure and compliant is to maintain a sustained vulnerability management program covering all systems in the organization, with particular emphasis on the systems that are in scope for PCI DSS: those that store, process or transmit cardholder data, and anything connected to them.
While many retailers turn to third-party assessors or manual vulnerability scanners, retailers seeking more efficiency automate the processes associated with vulnerability and risk management and with PCI DSS compliance reporting.
How Qualys Helps Retailers Remain Secure and Compliant
Qualys® PCI provides retailers with an easy, cost-effective and highly automated way to achieve compliance with PCI DSS. Qualys PCI draws upon the same scanning infrastructure and technology as Qualys' flagship vulnerability management service, used by thousands of organizations around the world to protect their networks from the vulnerabilities that jeopardize security and compliance.
Qualys is an Approved Scanning Vendor (ASV), certified by the PCI SSC to perform the external vulnerability scans that PCI DSS requires at least quarterly. (An ASV scan is distinct from the on-site assessment performed by a Qualified Security Assessor; merchants whose validation requirements call for a QSA still need one.) Because Qualys PCI is delivered as an on-demand Web application, it provides a turnkey service for PCI compliance testing, reporting and submission. Qualys PCI enables retailers to promptly complete the PCI Self-Assessment Questionnaire (SAQ) and to conduct network and web application security scans to identify and remediate vulnerabilities. The Qualys PCI "auto submission" feature completes the compliance process, allowing users to submit their compliance status to one or multiple acquiring banks.
Finally, because Qualys PCI allows scanning on demand at no additional cost, retailers can reassess their networks whenever it matters to their security posture: after systems are updated, when new vulnerabilities are announced, or when new Internet attacks are underway.