
Data security solutions for the Retail Industry

Thales security solutions help retailers protect their data and meet PCI DSS and other retail regulatory compliance requirements.

Retail data security

Retailers recognise their data isn’t safe and this threatens their profitability. Data not compliant with PCI DSS standards increases credit card costs on every transaction. The sophistication of today’s cybersecurity outlaws makes the question not “if data will be breached”, but “when”. Thales solutions can help retailers protect their data and meet PCI DSS requirements by making it useless to anyone who tries to steal it, and they can also dramatically reduce the cost and complexity associated with regulatory compliance.


With Thales data security solutions, retailers can protect customer PII and data obtained from transactions and dramatically reduce the cost and complexity associated with regulatory compliance.

Data at risk

Reportable data breaches can not only have a negative effect on sales and reputation and generate credit monitoring costs and fines, but are also alleged to have cost senior executives and even CEOs their jobs.

PCI DSS compliance requirements

Data not compliant with PCI DSS standards increases credit card costs on every transaction and may put your organisation at risk for fines.

For retailers, the most significant compliance mandate is the Payment Card Industry Data Security Standard. It provides standards for secure networks, the protection of cardholder data, the implementation of a vulnerability management program, guidelines for stronger access controls and the establishment of an information security policy.


Customer data encryption and tokenisation

Beyond cardholder data, retailers need to protect all sensitive data wherever it exists and limit access to this data. Utilising encryption and/or tokenisation is the most effective way to secure data and does so even when a breach occurs.


Securing the point-of-sale devices and applications

Security needs to include the point-of-sale or point-of-interaction terminals and payment application software. These devices are more connected than ever before and an even more appealing target for an attacker. For this reason, code signing is used to issue unique identities and securely push software updates to the devices in the field.


Point-to-point encryption

Point-to-point encryption (P2PE) encrypts card data from the earliest possible moment of its capture and ensures that data remains in a consistent encrypted state until it arrives at the payment gateway. This is the cleanest approach to transaction protection.


eCommerce security

eCommerce poses different but equally challenging issues compared to the traditional retail environment. By creating an encrypted tunnel through Secure Sockets Layer (SSL), retailers are able to protect their online customers’ data from the earliest possible moment, establishing a secure, encrypted communication session that allows private information to be transmitted across open networks such as the Internet.


Secure communications

Encrypting the high-speed communication networks set up between store sites and data centres is a critical next step for securing the infrastructure and protecting customer data, cardholder data and overall company information.


Encryption with integrated key management

Make your data unreadable to others through strong, centrally managed file, volume and application encryption combined with simple, centralised key management that is transparent to processes, applications and users.

Access policies and privileged user controls

Restrict access to encrypted data through access policies and user controls that permit data to be decrypted only for authorised users and applications, while allowing privileged users to perform IT operations without the ability to see protected information.

Security Intelligence

Logs that capture access attempts to protected data provide high value security intelligence information that can be used with a security information and event management (SIEM) solution and for compliance reporting.

CipherTrust tokenisation with dynamic masking

In addition, CipherTrust tokenisation with dynamic masking lets administrators establish policies to return an entire field tokenised or dynamically mask parts of a field. With the solution’s format-preserving tokenisation capabilities, managers can restrict access to sensitive assets, yet at the same time, format the protected data in a way that enables many users to do their jobs.

Meet PCI DSS requirements

Thales solutions can help you protect your data and meet PCI DSS requirements by making it useless to anyone who tries to harvest it. Thales enables you to meet PCI DSS:

  • Requirement 3 through encryption of card data elements and secure encryption key management
  • Requirement 7 through restricting access to cardholder data by business need to know
  • Requirement 8 through identifying and authenticating access to systems and components
  • Requirement 10 through tracking and monitoring all access to network resources and cardholder data

Sophisticated encryption, tokenisation and key management solutions that protect mission-critical data and applications at retailers

Thales offers comprehensive data encryption, tokenisation and key management solutions that protect data across devices, processes, platforms and environments. These solutions have no negative impact on business agility and help retailers protect their customers, meet government and industry compliance standards and avoid the damage to reputation caused by data breaches.

Implement effective, high-assurance tokenisation solutions to protect customer information, reduce scope and contain the cost of compliance

Comprehensive central key management, policy definition and integration with Thales HSMs for enhanced key and cryptographic process protection make it easy to comply with PCI key management requirements for key generation, distribution, storage, rotation and replacement.

Customer data protection with data encryption and tokenisation

Beyond cardholder data, retailers need to protect all sensitive data wherever it exists and limit access to this data. Utilising encryption and/or tokenisation is the most effective way to secure data, even when a breach has occurred.
