You are here
Store security has come a long way from analog video cameras and VCR tapes. Not only do many stores now feature digital video that can be viewed from headquarters, but many now offer this option to district managers on the road so they can check in with their stores from any location with a computer.
“Digital security is a big piece of our overall security strategy because we can monitor what is going on in the stores in real time from our headquarters,” said Denise Spradley, director of IT at Spectrum Stores. “We are using ImageVault and our division managers can also view their stores from their office or home as well.”
Kwik Trip Inc. has digital video recorders in all 350 stores and connected them to the company's wide-area network (WAN), which allows them access from their support center. And the company is receiving requests from district leaders to be allowed access to the recorders as well.
“We just completed a test allowing two of our district leaders to view their stores' digital cameras from their homes and they really liked it,” said Ron Sissel, director of retail automation at Kwik Trip. “They can spot check their stores before they even go out in the morning and make sure the foodservice is fully stocked. They can also check in again at night. Most of them have 18 to 20 stores and they can't get to all of them every day, but this way they can.”
He added, “One district manager created a picture printout of a certain store every day at specific times and brought it in to the manager, and it was very helpful. We have to do some infrastructure changes in the office to allow them to do it first, like add onto our T1 phone circuits and replace our core routers.”
Additionally, achieving Visa CISP certification is one of the major security projects the company is focusing on this year. CISP, or Cardholder Information Security Program, certification insures retailers maintain the highest information security standards for customers and is required of all merchants that store, process or transmit Visa cardholder data.
“We have been working with Visa to accomplish the update needed, and they have been very helpful with assisting us,” said Sissel. “It took the whole focus of our year. We have over 2,200 machines, and we have to load all the service packs and critical updates. We will have password protection down to the file level and are encrypting all of our files, which we didn't have done. It is a very large process with us.”
The certification requires retailers to adhere to the Payment Card Industry (PCI) Data Security Standard, which consists of twelve basic requirements and detailed sub-requirements. These include building and maintaining a secure network, maintaining a vulnerability management program and implementing strong access control measures.
“Visa is making us do all the things we should have done, so it's better for everyone,” said Sissel. “Within the office, every server has to be protected, and we have to change our passwords every 90 days. You have to prove to Visa you did the updates and are keeping them current. We have an audit every six months.”