McAfee Report Details Risks to Retailers Through Point of Sale Systems

Mon Apr 8, 2013 8:00am EDT

* Reuters is not responsible for the content in this press release.

Calls for Merchants to Increase Protections to Address Security and Privacy
SANTA CLARA, Calif.--(Business Wire)--
McAfee today released Retail Reputations: A Risky Business, a report on the
growing risks the industry is facing with both legacy and newer point of sale
systems (POS). The report discusses how the retailing industry`s reliance on
third parties for service and support is creating security vulnerability and
privacy issues. Today`s advanced security threats mean that a retailer needs to
be more than just PCI DSS compliant in order to protect customer information
beyond credit cardholder data. 

"The industry is very fragmented with a large base of smaller merchants
utilizing secondary market or used point of sale systems," said Kim Singletary,
director of retail solutions marketing at McAfee. "Merchants who do not have a
broader security and privacy focus are leaving themselves vulnerable to
susceptible systems and processes. If security, compliance and privacy adherence
were more transparent to consumers, then retailers could look at these things as
business differentiators rather than obligations." 

System integrators in the retail industry are being asked to be certified by the
PCI Council as a key component to the technology and service supply chain to
resolve the inconsistent attention to security and vulnerable configuration
issues that could lead to security compromise. Retailers need to be concerned
with how they evolve customer engagement and ensure their security strategy and
plans address the growing threat landscape. Securing POS systems from basic
system functions to newer applications that utilize customer information is
essential to protecting the retailer`s brand and reputation. 

The McAfee report reveals that POS systems are updated too infrequently,
creating vast windows of opportunities for criminals to find and exploit
vulnerabilities. Once a new vulnerability is located, businesses using the same
types of systems can be easily identified and targeted for attack. The
vulnerabilities with POS systems that are not regularly updated increase the
likelihood that consumers` cardholder and personal data is at risk. 

"Retailers have worked hard not to store cardholder data, however, they still
maintain a great deal of specific proprietary customer data on their networks
that are a potential treasure trove for criminals and identity thieves," said
Greg Buzek, founder and president of IHL Consulting Group. "When a security
breach occurs, retailers are at risk of losing their customers` trust and

The report calls attention to the need for retailers to invest in protecting
consumers` information. McAfee recommends retailers implement higher levels of
security to defend against advanced security threats such as:

* application whitelisting, 
* point of sale integrity control and 
* hardware-enhanced security.

The report also recommends retailers use orchestrated security management
solutions for POS systems to reduce the burden of distributed system security
monitoring and policy management. 

To download a copy of McAfee`s retail reputation report visit

About McAfee

McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), empowers
businesses, the public sector, and home users to safely experience the benefits
of the Internet. The company delivers proactive and proven security solutions
and services for systems, networks, and mobile devices around the world. With
its Security Connected strategy, innovative approach to hardware-enhanced
security, and unique Global Threat Intelligence network, McAfee is relentlessly
focused on keeping its customers safe.

Note: McAfee is a trademark or registered trademark of McAfee, Inc. in the
United States and other countries. Other names and brands may be claimed as the
property of others.

Erica Coleman, 408-346-5624
Zeno Group
Greg Wood, 650-801-7958

Copyright Business Wire 2013