Feature
just about protecting data, but protecting the merchant’s brand integrity. Any compromised brand will suffer in terms of loss of faith or trust and customers taking their loyalty elsewhere. Once lost, it is very difficult to rebuild brand equity.

Knowledge of the compliance issue dates back several years and deadlines have come and gone, but there is still a level of confusion as to what it is and what is expected of who and why?

“Within a business there are many stakeholders involved in the issue of compliance from IT to security and loss prevention to HR, Finance and ultimately the CEO and chairman of those in bigger organisations will have to explain to customers and shareholders why a compromise was allowed to take place. You therefore cannot have a silo mentality in dealing with this issue,” said Paul Rodgers of Vendorcom.

The message from the card industry is simply don’t panic. Many businesses that are impacted by the 12 compliance requirements have taken the first faltering steps towards checking their vulnerability which is at least an hors d’oeuvre.

Compliance requirements are dependent upon a merchant’s activity level and there are four levels based upon annual transactions.

• Level One applies to merchants with six million transactions a year or merchants whose data has previously been compromised. Compliance would require such merchants to be subject to an annual onsite security audit and a quarterly network security scan, but as Andrew Henwood, operations director at Trustwave, told the meeting: “Compliance is not a destination, it is the journey – the question everyone should be asking is where am I on the journey? You may be compliant on the day of the audit, but the task is to remain vigilant.”
• Level Two applies to merchants with between one million and six million transactions a year and validation involves an annual self-assessment questionnaire and a quarterly scan by an Approved Scanning Vendor (ASV).
• Level Three applies to merchants with 20,000 to one million e-commerce transactions per annum where validation is the same as level two.
• Level Four applies to merchants with less than 20,000 e-commerce or less than one million other transactions with a quarterly scan from an ASV and completion of a self-assessment questionnaire may be recommended or required depending upon acquirer compliance criteria.

It is in this last category that many retailers sit, particularly the smaller enterprises that do not have large compliance infrastructures or IT teams whose raison d’être is to ensure
ISSUE 2 SEPTEMBER 2008 • 21