Overview

The Payment Card Industry (PCI) Data Security Standard (DSS) was designed to protect the privacy of customers, as well as payment card and merchant data at the point of sale (POS), in transit, and at rest. Companies that can demonstrate compliance with the PCI standard and prove that they are trustworthy custodians of customer data have the opportunity to build solid customer loyalty. Complying with PCI regulations is challenging because the required security measures span the network and attached systems. Most industry experts agree that the best way to achieve and maintain PCI compliance is to adopt a strategic, holistic approach to network security risk management and compliance that includes the network infrastructure, policies, and procedures. The ability to centrally manage systems, network services, and security is essential to a holistic solution. Cisco offers a network foundation that is an important step for retailers to achieve regulatory compliance requirements and implement data security best practices.

Solution

Using its accumulated best practices, Cisco has developed a set of architectures in a lab environment with PCI requirements in mind. Cisco invited PCI auditors to evaluate these architectures, and the auditors found that the technology, if properly deployed and maintained, could help retailers achieve PCI compliance. Known as the Cisco PCI Solution for Retail, these network architectures support secure transport for point-of-sale traffic, such as credit card data, cardholder information, transaction logs, and database records. These architectures can be used throughout the range of retail environments— from small stores to large retail footprints.

Most Cisco PCI Solution for Retail architectures include:

• Secure routers
• Adaptive security appliances
• Cisco Security Agent
• Compliance reporting and management
• Network Admission Control
• Cisco Advanced Services

Cisco partners also offer a wide range of solutions for antivirus, POS software, wireless POS, scan, audit, and remediation services, and payment applications.

Benefits

• Build a foundation for compliance— with a network infrastructure that helps retailers address many of the 12 PCI requirements and optimize security for sensitive information. In addition, ensuring data security is a fundamental best practice that helps companies meet other state and local regulatory requirements and evolve as regulatory guidance evolves.
• Enhance security risk management— by supporting and helping to enforce Cisco's security best practices. Cisco PCI Solution for Retail architectures help companies build a network that securely and reliably protects their brand images and assets while mitigating the financial risk of noncompliance fines and penalties.
• Enable secure new business initiatives— by eliminating the need to redesign the network to add capabilities. The same security capabilities that facilitate PCI compliance also protect new retail initiatives, such as interactive kiosks, unified communications, and wireless applications.
• Strengthen shopping security— through compliance best practices, enabling retailers to securely use store, employee, and customer data for programs that enhance merchandising, improve the shopping experience, and build brand loyalty.

Resources and Case Studies

• Cisco PCI for Retail Solution Brochure (PDF - 168 KB)
• Piggly Wiggly Customer Case Study (PDF - 522 KB)
• Cybertrust Partner Solution Profile (PDF - 467 KB)
• Intermec Partner Profile (PDF - 205 KB)
• Wincor Partner Profile (PDF - 423 KB)
• ATW Partner Profile (PDF - 449 KB)
• RSAG Data Security Study (PDF - 261 KB)