Jack Wills ensures PCI DSS compliance
Thursday February 6 2014
British fashion retail brand secures over 1 million card transactions annually and associated customer data with the help of change and log tracking software
Growing sales across the British retailer’s stores, e-commerce site and mail order channel in the UK and internationally saw the organisation reach the critical milestone of processing over 1 million Mastercard or Visa card payment transactions in 2011.
This milestone made it a Level 2 merchant and therefore subject to strict PCI DSS
validation requirements, including an annual Report on Compliance (ROC), which prompted the retailer to seek a data security provider to guarantee compliance.
Staying ahead of compliance curve
Samir Butt, Jack Wills IT infrastructure analyst, commented: “We have to ensure that the card processing environment that Jack Wills provides is secure and compliant across all our sales platforms. When the volume of our transactions increased, the level of reporting requirements increased, and we decided to look for a provider with a specialist solution for PCI DSS compliance.
“We selected New Net Technologies Change Tracker and Log tracker solutions because they were designed at the core as PCI DSS solutions; File Integrity Monitoring is one of the key PCI DSS requirements and we knew that the NNT technology was ahead of the curve and that it would furthermore evolve as the PCI DSS itself evolved.”
New Net Technologies
(NNT) Change Tracker is designed to provide a cross-platform File Integrity Monitoring capability, which can govern security settings for all servers, electronic point-of-sale (EPoS) tills and network devices, while constantly monitoring for any changes.
Samir explained: “We have a consistent build of IT infrastructure across the organisation that ensures it meets the required security standard. Any risk of security being compromised would almost certainly come in the form of a malicious viral attack or from a hacker trying to compromise particular environments.
“NNT enables us to capture a configuration snapshot and empowers us with the ability to remotely monitor and be alerted to any changes to the infrastructure and the devices on it. And any changes that we’re not aware of will be alerted immediately, so we can see where they originated, what they were and identify what the intention of those changes may be.”
Added security monitoring benefits
A further requirement of the PCI DSS, the annual ROC means that Jack Wills must have the functionality to keep one year’s worth of security logs that are generated from any device within its card processing environment. The NNT Log Tracker solution provides Jack Wills with this functionality.
“Log Tracker allows us to capture the year’s security logs from all of the different machines that we use throughout our infrastructure,” Samir continued. “It allows us to search through these logs for unauthorised access, unauthorised changes, or changes that are authorised but have not been actioned correctly.”
Although the primary driver behind the implementation of the NNT solutions was to achieve PCI DSS compliance and ensure card security, Jack Wills has noted further benefits. “We have already seen a plethora of benefits since implementing the New Net Technologies solutions earlier this year,” he added.
“In addition to being 100% PCI DSS compliant, we are now able to fully monitor devices from a security standpoint, eliminating any weaknesses within our environment. Previously we did not have a monitoring solution in place and from that standpoint alone it’s been a blessing.”
Samir concluded: “As we grow moving forward and hopefully in time achieve level 1 merchant status, the culture of continuous real-time security validation and the operation of security best practices is something that NNT has instilled that we will continue to carry with us.”
Tagged as: Jack Wills | fashion | security | cards | payments | PCI DSS | compliance | log | file | monitoring | EPoS | e-commerce | New Net Technologies