PCI Compliance and Retail Data Security

Payment Card Industry (PCI) compliance drives network integrity and secure, end-to-end transactions, supporting effective retail operations.

PCI compliance as mandated by the Payment Card Industry Data Security Standard (PCI DSS) protects customer privacy, as well as payment card and merchant data.

Addressing PCI Compliance Challenges and Business Risks

The PCI compliance process requires retailers to perform a thorough audit of their networks, policies, and processes. Because individual retailers tend to interpret the standard differently, they can create systems that are unnecessarily complex and hard to support.

Ignoring the PCI compliance standard is risky. Retailers can be fined and even lose card processing privileges. Security breaches can damage a company's brand and reputation and lead to financial losses.

To address these challenges and risks, Cisco has developed the Cisco PCI Solution for Retail. Built on the Cisco Intelligent Retail Network (IRN), these architectures help retailers address PCI compliance requirements, such as:

  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks
  • Use and regularly update anti-virus software or programs
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data on a need-to-know basis
  • Assign a unique ID to each person with computer access
  • Restrict physical access to network resources and cardholder data
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security

PCI Compliance: Getting the Results You Need

The best way to achieve and maintain PCI compliance is through a holistic approach that improves operational efficiency by addressing:

  • Network infrastructure, policies, and procedures
  • Centrally managed systems, network services, and security
  • Accelerated delivery of future network-based applications

PCI Compliance through Best Practices and Powerful Functionality

The Cisco PCI Solution for Retail utilizes Cisco's extensive experience in developing wired and wireless networking technologies. It includes best practices-based architectures, and products that retailers of all sizes can customize to meet their specific needs:

  • Secure routers: Cisco routers support wireless, voice, firewall, intrusion prevention, and traffic profiling applications, as well as VPNs.
  • Adaptive security appliances: The Cisco ASA 5500 Series offers firewall, anti-X, intrusion prevention, and VPN support. Integrated IP Security (IPsec) and Secure Sockets Layer (SSL) VPN capabilities encrypt data across public networks.
  • Cisco Security Agent: Cisco Security Agent protects against worm and day-zero attacks while offering sophisticated protection against information theft from servers and clients.
  • Compliance Reporting and Management: The Cisco Secure Access Control Server, Cisco Security Manager, and Cisco Wireless Control Server deliver centralized management, monitoring, and remediation.
  • Network Admission Control (NAC): Determines which client devices are granted network access.

PCI Compliance Supports Retail Operations Every Day

The Cisco PCI Solution for Retail is built on the Cisco Intelligent Retail Network (IRN), allowing retailers to:

  • Protect Mobile Applications and Data: Retailers can address PCI compliance requirements with a Cisco Unified Wireless solution, protecting wired networks and securing communications over wireless LANs (WLANs), and supporting:
    • Confidentiality
    • User segmentation for effective access control
    • Client device security strategies
  • Create a Secure Foundation: A Cisco Intelligent Retail Network integrates advanced security functionality, enabling retailers to optimize the security of sensitive information and address PCI compliance requirements. It also supports a company's efforts to comply with future regulatory initiatives.
  • Enhance Security and Risk Management: A Cisco Intelligent Retail Network can strengthen a company's overall security posture through:
    • Supporting and enforcing security best practices
    • Helping protect brand image and assets
    • Mitigating the risk of fines, penalties, and lost revenue
  • Enable New Business Initiatives: Advanced network capabilities create a platform that helps retailers respond to new opportunities without network redesign. The same security capabilities that facilitate PCI compliance also permit new technology initiatives.
  • Strengthen Shopping Security: Investing in the Cisco PCI Solution for Retail is an investment in security best practices whether for online or in-store shopping. It is also an investment in programs that enhance merchandising, improve the shopping experience, and create brand loyalty.
