Can Remote Access And PCI Co-Exist?

Budget cutbacks and office closings have been pressuring retailers to pursue remote access approaches for tech support. And yet, PCI security concerns have made any kind of external access frightening in the extreme. Will fear or cheapness win?

One of the more pervasive challenges today is that remote site access has been around for decades, but the security needs have sharply changed. No longer, for example, does a firewall have to be pierced to permit remote site access.

"Remote support tools do not jeopardize a firm's PCI compliance efforts. Bad implementation does," said George Hamilton, senior product manager for LogMeIn, a remote access and support software company based in Boston.

Hamilton cites a typical problem with many of today's remote access setups, referencing a conversation he had with a retailer at a recent tradeshow and an employee who left the chain. "When one of their technicians left the company, it took them six hours to go onto all of the individual systems and remove their login credentials," he said. "During that entire six-hour period, that person who no longer worked for the company, he had access to critical POS systems. That is something you want to control centrally."

StorefrontBacktalk held a podcast this week on PCI and remote access, with Hamilton as guest. To listen to the podcast, please click here.