The Scenario - A retailer
with a serial-based POS system and multi-port device server transmitting data over a public network.
The Challenge: Credit Card Information
Security Compliance
For today’s retailers, there has been
increasing pressure by credit card companies to protect the
privacy of customer information. Among other initiatives,
there have been specific measures taken in the area of credit
card data and the way information is used and transmitted.
Visa for example is enforcing strict policies
and deadlines on its merchants through its Cardholder Information
Security Program (CISP) in the U.S. and internationally through
the Account Information Security (AIS) program. Other major
card issuers have announced similar  requirements and deadlines.
An integral part of privacy protection at the
retail level is the capture of information at the debit/credit
card terminals when a card is swiped. While there has been
some level of privacy protection for the data being transmitted
across public networks for approvals, this is no longer enough
to meet new privacy requirements. This represents a particular
challenge for retailers, who rely on public networks to keep
their communications costs under control.
On the hardware front, many retailers use serial-based
point of sale (POS) terminals with card reading devices attached
that communicate with a serial to Ethernet terminal server.
The typical serial to Ethernet multi-port terminal
server in use today simply does not have the encryption capabilities
required to meet the new demands imposed on the merchants
by the credit card companies.
While replacing existing serial to Ethernet
devices with more secure versions is the most obvious tactic,
this would be a more costly and complex exercise than most
retailers can handle. Switching to a VPN (virtual private
network) infrastructure is another option, but again would
involve complex changes and considerable time and expenses.
A third alternative – and one that leverages
existing technology to deliver significant cost savings –
is using a Perle Serial Device
Server with built in encryption
capabilities to link card reader terminals to the public network.
This allows retailers to maintain their existing technology
investment, while providing the highest data protection levels
possible.
The Solution:
The IOLAN
SDS1 is a single port encryption-enabled device
server that can be deployed at each reader to create secure
links to the remote application server. Users simply disconnect
the card reader terminals from the terminal server, and connect
each reader to an IOLAN
SDS1. This configuration offers a
number of advantages, including:
- Rapid deployment
- Ease of installation
- Minimal disruption to operations
- Investment protection of existing hardware
- No infrastructure changes
- Reduced cost – up to 40% savings per
store vs. wholesale replacement
- Ability to retain use of public network for
data capture and transfer
Perle’s IOLAN family of products was
designed to deliver exceptional performance and expanded features
in a cost-effective serial to Ethernet solution. The IOLAN
SDS1 is the most advanced device
server on the market for
secure serial to Ethernet connectivity applications. This
compact unit offers robust security and flexibility. It is
the only device to offer next generation IPV6 technology,
making it ideal for applications that require remote device/console
management, data capture or monitoring.
Features include:
- Dual 10/100/1000 Ethernet support
- Secure AES data encryption via SSH or SSL
sessions
- Powerful authentication schemes to prevent
unauthorized access
- Next Generation IP support ( IPV6 ) for investment
protection and network compatibility
- Universal, software selectable RS-232/422/485 interface
to prevent mechanical tampering in the field
- 15 KV ESD provides protection against electrostatic
discharge and power surges
- Secure browser management with support HTTP, HTTPS/SSL/TLS,
SSH and Telnet
- Trueport COM or TTY port control and management
for serial based server applications
- Power over serial capability can eliminate
the cost of a separate AC power installation
- Port Buffering for data capture and analysis
Flexible Solutions for Retail:
While it is inevitable that the retail environment will continue
to evolve to meet increased data and security demands, the
need for cost-effective, easy to deploy solutions is critical.
Perle is committed to delivering solutions that will help
retailers of all sizes be flexible and effective in meeting
these ongoing technology challenges. The IOLAN
SDS1 is one
of a selection of Perle solutions that are designed to assist
customers in meeting their data delivery and encryption needs.
The Customer: A US Furniture
Retail Chain with 82 locations plus distribution centers
Revenues: US $2 Billion
The Challenge: Designated by
Visa as Level 1 Merchant, requiring that data protection be
in place by March 31, 2005 deadline
Solution: 4 Perle IOLAN
SDS1 single port
device servers with connection to the network at each site
to create a secure encrypted link between credit data and
the central server.
Results: Encryption requirements met by deadline
date, overall savings versus server replacement = 40% savings
per store
|
