PCI DSS compliance encouraged by Harvey Nichols

Retail chain Harvey Nichols has spoken out about the importance of complying with new PCI DSS regulations in a session at the Infosec 2010 conference.

Matthew Suddock, who manages infrastructure for the firm, said that the number of mainstream scandals relating to insecure payment card information was increasing at an unacceptable rate, citing the recent scandal involving retailer TJX as a prime example of the damage that can be done.

Mr Suddock said that TJX had lost over 73 million as a result of a serious data security breach, during which customer payment card details were stolen. Mr Suddock pointed out that there was no firm large enough to take this kind of financial hit and not feel the effects in the longer term.

It has taken two and a half years for Harvey Nichols to alter its payment card systems in order to ensure full compliance with PCI DSS and Mr Suddock said that it now has several different safeguards in place to ensure that it does not suffer a similarly damaging data loss disaster.

Harvey Nichols no longer stores as many personal details relating to its customers, and the data which it does retain is not held for an unnecessarily long period, according to Mr Suddock. This is just one of the significant changes in practice that has been driven by PCI DSS adherence.

Card details are never stored in whole on any system, and information is separated into non-transferable systems, so that data recorded at a till cannot subsequently be passed onto a wireless network, or any other portion of the internal systems, minimising the risk of it being stolen during transit.

Tills themselves are now subject to continuous patching and update, with firewalls and antivirus software keeping them free from infection, whilst each area of the system is managed independently to avoid any chance of it becoming compromised.

Mr Suddock said that the major barrier to these changes had been the habits formed by staff over years in which insufficient safety measures were in place and that upgrading the systems was far easier than changing policy and practice.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal