Securing retail systems within the store has always been a challenge, but it’s getting even more difficult with the proliferation of devices. Besides point of sale (POS) terminals, retailers have to safeguard self-service kiosks, sales assistant tablets, digital signage, and self-checkout, among others. Furthermore, the move to omni-channel retailing is complicating matters because customers can jump on the wireless LAN and share information using countless types of smart phones and tablets.
It’s no surprise that retailers are very anxious about security. This was confirmed in a survey released today of senior retail and hospitality executives conducted by IHL Group. When asked what keeps them up at night, respondents said PCI compliance for POS systems is top of mind. The second highest rated concern was the category “undefined”, meaning retailers aren’t sure what they should be worried about – they just know they should be worried about something.
So, who’s responsible for security? The report indicates that currently, the majority of retail and hospitality businesses are taking on the burden and responsibility of managing core POS security themselves. When asked who they relied on for security solutions, only 22% said device manufacturers. This means original equipment manufacturers (OEMs), who know the most about the retail systems they designed, might be left out of their customer’s discussion around security. Retailers may also be missing out on the knowledge OEMs have about the effectiveness and performance impact each security solution has. On the other hand, OEMs are forgoing a tremendous revenue opportunity. They could be performing a worthwhile service by delivering a security solution as part of their offering, while at the same time generating incremental revenue.
When asked about security solutions for POS terminals, two approaches dominated the responses: antivirus (AV) software and whitelisting software. Whereas AV software is known to anyone using a computer, whitelisting is better suited to embedded systems because they tend to run a pre-defined set of applications. In the survey, the preference for AV and whitelisting followed the size of companies. Bigger companies, over $5 billion (USD) in revenue, chose whitelisting over AV, 47% to 26% percent. One possible explanation is larger companies may have more resources needed to research the tradeoffs between the two methods.
The report clearly shows that retailers are looking for a solid plan to address security at the store level. This presents a huge opportunity for retail system OEMs who can address this gap by adding security software to their portfolio. McAfee has already partnered with leading retail manufacturers, such as NCR, Retalix and Toshiba TEC to secure systems such as ATMs, digital signage, and POS systems. These OEM’s are already taking advantage of technologies such as whitelisting not only because it is highly effective, but also because it is low maintenance. Security is now becoming a requirement, and manufacturers will need to jump on this opportunity much sooner than later.
Learn more about McAfee’s whitelisting solutions by visiting http://www.mcafee.com/us/products/embedded-control.aspx.