
Monday, 29 November 2010 15:29

Woolworths risks costly security gaps


Three years after bringing in a specialist from the Reserve Bank to beef up IT security, Woolworths is still plugging gaps in its PCI compliance regime, potentially exposing the retail giant to fines of up to $500,000.

Level One retailers - which process more than 6 million Visa transactions a year - were supposed to be fully compliant with the Payment Card Industry Data Security Standard (PCI DSS) by 30 September this year or risk large fines. Speaking at a Cebit-organised security conference in Sydney today, Peter Cooper, group information security manager for Woolworths, acknowledged that the organisation was still plugging the gaps.

Mr Cooper told delegates at the event that in general 'companies don't see value from compliance - they do the minimum they have to do to comply.' Woolworths' CEO however was 'particularly interested in protecting customer information.'

As a large retailer which handles credit card details, Woolworths is obliged to comply with the PCI regime, and adhere to the PCI DSS standards. Mr Cooper said that on arrival at the retailer from the Reserve Bank three years ago he had identified privacy breaches and PCI compliance as two key issues that needed to be addressed, and had begun a programme of PCI remediation.

In addition Woolworths had determined that all new programmes would be designed to be PCI compliant. He said that an education and compliance programme called Cardsafe had also been rolled out in the group to promote awareness.

'We had very specific requirements for policy and practices. We had quite a few gaps - we are filling them in now,' he said.

The problem is that the deadline for compliance was in September this year, technically putting the retailer at risk of fines of up to $500,000 which can be levied by card issuers (and imposed on retailers by issuing banks). Mr Cooper today told delegates: 'We will try to use the PCI DSS where we can.'

He said that at present the Woolworths board was regularly presented with group-wide metrics showing where the divisions were sitting with regard to compliance.

Asked by iTWire how advanced Woolworths was with PCI DSS, and how long it would take to achieve full compliance, Mr Cooper declined to comment.

Ajay Unni, managing director of Stickman Consulting, also presenting at the conference, said that achieving PCI compliance, which demanded adherence to six codes and a list of 12 requirements, cost retailers millions of dollars. However, he said that there were fines of up to $500,000 available to the card issuers for non-compliance.

He outlined a recent PCI remediation that the company had completed for an Australian retailer, which had introduced new processes and systems - and outlawed such spurious practices as sending customer credit card data in emails.

Mr Unni said that all Australian retailers which handled credit card details were obliged to comply with the PCI DSS standards, and said that he was aware of a number of fines which had been issued already after breaches of the compliance code were detected.
