PhoneFactor Inc. announced that several major retail chains have enabled PhoneFactor to secure access to credit card data to help comply with payment card industry security regulations.
Securing this information is a concern as the holiday shopping season approaches. Retailers who have recently joined PhoneFactor’s customer list include New York & Company, Uno Chicago Grill and Party City.
The holiday shopping rush puts pressure on retailers to not only work efficiently to meet heightened demand, but to also keep a watchful eye on their customers’ data. PCI Data Security Standards, which set minimum security requirements for companies that store or process credit cards, specifically call for two-factor authentication when the network is accessed remotely by employees, administrators or a third-party.
Large retailers face a number of challenges in addressing this requirement, including geographically diverse retail locations, high employee turnover rates, and seasonal workers. These risks all are compounded during the holiday season, making them a key target for hackers.
A user simply logs in with a username and password. Instantly, his phone rings. He answers, presses #—or enters an optional PIN—and is granted access. PhoneFactor also offers text messaging and voice biometric options.
Because there are no security tokens to provision and no software or certificates for end users to install, PhoneFactor can quickly be enabled for large numbers of employees at retail locations worldwide.
PhoneFactor has been part of countless PCI DSS audited customer implementations. With PhoneFactor, all user data is stored within the customer’s network and advanced logging is available for auditing purposes. In addition to meeting PCI DSS requirements for two-factor authentication, many retailers incorporate PhoneFactor’s fraud alerting capabilities into their incident response plans.