Example solutions and best practices for protecting consumer information via retail payment systems

April 6, 2016, University of Alabama at Birmingham
Example solutions and best practices for protecting consumer information via retail payment systems

With attacks on America's largest retailers increasingly in the headlines, the need to better secure consumer information is critical. Credit card information is a common target for cybercriminals, and once obtained it is often sold on the black market. However, account information is not the only customer data collected by retailers.

"When you go shopping, you leave additional about yourself, such as where you live, your age, your birthday, purchasing habits and other loyalty card information," said Yuliang Zheng, Ph.D., professor and chair of the UAB College of Arts and Sciences Department of Computer Information Sciences. "All of this information accumulates over time. Five or 10 years down the road, an enormous amount of data has been collected, and there is no way to get it back. When you aggregate all of this information, it can be used to paint a detailed picture of a person."

Secure handling of sensitive, noncredit card consumer data, multifactor authentication for e-Commerce transactions and combating online fraud were the topics of a collaborative workshop hosted by the National Cybersecurity Center of Excellence at the UAB Hill Student Center on March 22. Cybersecurity experts and retail executives from several major retailers gathered to discuss and identify pressing retail cybersecurity issues, applicable standards, best practices, and how current and emerging cybersecurity technologies and relevant architectures can be used to address these cybersecurity business challenges.

"UAB has a national reputation for excellence in cybersecurity research and education," said Robert E. Palazzo, Ph.D., dean of the UAB College of Arts and Sciences. "As one of nine universities on the Academic Affiliates Council for the nation's first federally funded research and development center solely dedicated to enhancing cybersecurity, we are honored to have been selected to host this collaborative workshop and contribute to the creation of possible solutions to the growing challenges of retail cybersecurity."

During the workshops and breakout sessions, participants discussed the complexities of securing personal identifiable information (PII) and how it can be protected, but remain accessible to various departments such as customer service and marketing. They explored whether current security measures used to protect credit card data could also be used to protect noncredit card information. Some of the recommendations include using tokenization, format-preserving encryption or anonymization to send customer data to shipping providers and others essential to the business process.

Over the next several months, the NCCoE will take all of the recommendations and information gathered to create example solutions to the defined problems and freely share the information with the retail industry. The information will be published in a National Institute of Standards and Technology Cybersecurity Practice Guide, providing detailed guidance on how to implement the established solutions.

Explore further: New NCCoE building blocks for email security and PIV credentials

More information: For more information, see nccoe.nist.gov/news/retail-cyb … s-new-nccoe-projects

Related Stories

Cybersecurity issue goes beyond the Anthem headlines

February 6, 2015

While the security breach affecting as many as 80 million Anthem Inc. customers generates big headlines because of its size, it's the smaller-scale attacks that concern Purdue University cybersecurity expert Eugene Spafford.

Recommended for you

Nanoscale Lamb wave-driven motors in nonliquid environments

March 19, 2019

Light driven movement is challenging in nonliquid environments as micro-sized objects can experience strong dry adhesion to contact surfaces and resist movement. In a recent study, Jinsheng Lu and co-workers at the College ...

OSIRIS-REx reveals asteroid Bennu has big surprises

March 19, 2019

A NASA spacecraft that will return a sample of a near-Earth asteroid named Bennu to Earth in 2023 made the first-ever close-up observations of particle plumes erupting from an asteroid's surface. Bennu also revealed itself ...

The powerful meteor that no one saw (except satellites)

March 19, 2019

At precisely 11:48 am on December 18, 2018, a large space rock heading straight for Earth at a speed of 19 miles per second exploded into a vast ball of fire as it entered the atmosphere, 15.9 miles above the Bering Sea.

Revealing the rules behind virus scaffold construction

March 19, 2019

A team of researchers including Northwestern Engineering faculty has expanded the understanding of how virus shells self-assemble, an important step toward developing techniques that use viruses as vehicles to deliver targeted ...

Levitating objects with light

March 19, 2019

Researchers at Caltech have designed a way to levitate and propel objects using only light, by creating specific nanoscale patterning on the objects' surfaces.


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.