1
00:00:00,000 --> 00:00:03,840
Data is the new golden business.

2
00:00:03,840 --> 00:00:09,360
In fact, it's been said that a business's data is worth more than gold.

3
00:00:09,360 --> 00:00:15,120
Now, we're here today to explore and unpack the challenges that arise with technology

4
00:00:15,120 --> 00:00:21,600
and try and deliver the omnichannel experience in retail while at the same time protecting your gold.

5
00:00:25,840 --> 00:00:31,360
I'm your host Scott Kreisberg and in this episode Kevin McAdden is going to be joining us

6
00:00:31,360 --> 00:00:36,400
to close out our retail series on the broken promises of the omni.

7
00:00:36,400 --> 00:00:41,360
Roman Satin is joining us as well as our resident PCI expert.

8
00:00:41,360 --> 00:00:46,240
And he's going to help clarify any questions we have about both technology and compliance.

9
00:00:46,240 --> 00:00:50,960
Now, if you haven't listened to episodes six and seven,

10
00:00:50,960 --> 00:00:54,160
you're going to be missing out on a lot of valuable information.

11
00:00:54,160 --> 00:00:58,160
So I really recommend that you go back and you check them out.

12
00:00:58,160 --> 00:01:01,600
And if you go to our website at onestepsecureit.com,

13
00:01:01,600 --> 00:01:05,600
they'll be there for you to listen to and enjoy.

14
00:01:05,600 --> 00:01:12,240
Now, before we dive in, Roman, I'm going to let you take the honors of telling our viewers

15
00:01:12,240 --> 00:01:13,280
what our disclaimer is.

16
00:01:13,280 --> 00:01:19,120
All right, well, speaking of gold, I just want you to know that the purpose of this golden podcast

17
00:01:19,120 --> 00:01:24,000
is to provide news and information on cybersecurity and technology law and regulations.

18
00:01:24,480 --> 00:01:30,320
And all data provided on this site is for informational purposes and should not be considered

19
00:01:30,320 --> 00:01:32,560
legal advice or legal tender.

20
00:01:32,560 --> 00:01:35,440
Wow, you almost sound like an attorney.

21
00:01:35,440 --> 00:01:36,960
That's great.

22
00:01:36,960 --> 00:01:37,920
Thank you, Roman.

23
00:01:37,920 --> 00:01:43,680
All right, today's episode of the focus is, is the risk worth the reward?

24
00:01:43,680 --> 00:01:50,000
So let's dive right into it and let's see if data is the new gold for businesses and why.

25
00:01:50,640 --> 00:01:57,120
Now, I'd like to start this episode off with what's the actual promise of Omni?

26
00:01:57,120 --> 00:02:02,400
And you know, are stores still important with this whole Omni thing?

27
00:02:02,400 --> 00:02:04,480
Kevin, I'm going to toss that over to you, buddy.

28
00:02:04,480 --> 00:02:06,720
Thanks, Scott.

29
00:02:06,720 --> 00:02:07,760
And thanks for having me again.

30
00:02:07,760 --> 00:02:13,360
Yes, I think stores are extremely important to Omni.

31
00:02:13,360 --> 00:02:19,440
I actually just spoke to a group of cutting-edge merchants about a month ago on the topic.

32
00:02:20,320 --> 00:02:25,520
And there's some recent information, even since the last time we spoke on this topic that came out

33
00:02:25,520 --> 00:02:32,000
that predicted, this is Forrester actually predicted that offline retail sales, meaning those not online.

34
00:02:32,000 --> 00:02:36,640
They're going to surpass 4 trillion by 2028.

35
00:02:36,640 --> 00:02:42,720
And that US offline sales will make up 72% of the retail market.

36
00:02:42,720 --> 00:02:47,360
So I think if anything that might reinforce what we've been talking about,

37
00:02:47,360 --> 00:02:53,040
that this last push into digital over the last several years while amazing and very innovative,

38
00:02:53,040 --> 00:02:57,840
also is leading back to a renaissance in the stores.

39
00:02:57,840 --> 00:03:00,800
And so I think Omni channel's definitely worth it.

40
00:03:00,800 --> 00:03:04,960
This article happened to go on to talk about some of the challenges that these brands meet.

41
00:03:04,960 --> 00:03:07,600
And I know you'll probably ask a little bit more about that too.

42
00:03:07,600 --> 00:03:13,120
But to answer your question directly, I think clearly stores are big and Omni channel is big

43
00:03:13,120 --> 00:03:16,720
being able to serve online and offline customers.

44
00:03:16,720 --> 00:03:21,520
Awesome. Yeah, is that maybe chance you haven't got a best-of-growing number or is it less shrinking?

45
00:03:21,520 --> 00:03:24,480
71% is growing.

46
00:03:24,480 --> 00:03:27,680
Definitely, heavily growing.

47
00:03:27,680 --> 00:03:30,720
Yeah, especially after the last two, three years of COVID.

48
00:03:30,720 --> 00:03:34,880
But even before that, definitely growing over pre-COVID levels too.

49
00:03:34,880 --> 00:03:37,200
That's great. That's interesting. It's really interesting.

50
00:03:37,200 --> 00:03:42,480
It's great. I could say the shopping centers in my area, I mean I can't get a parking spot.

51
00:03:42,480 --> 00:03:44,960
So people are out shopping.

52
00:03:44,960 --> 00:03:46,400
All the way seasoned. So yeah.

53
00:03:46,400 --> 00:03:50,640
Well, the other interesting thing, this article talked about with regards to the physical stores is that

54
00:03:50,640 --> 00:03:56,960
what you're talking about there. But even Walmart CEO had been on record recently saying that his stores

55
00:03:56,960 --> 00:04:00,320
are key nodes in their Omni channel business.

56
00:04:00,320 --> 00:04:03,280
Meaning like, I mean, that's Walmart. So it's a different kind of retailer.

57
00:04:03,280 --> 00:04:08,640
But still, they've got distribution all over the country, all over the world.

58
00:04:08,640 --> 00:04:09,440
Absolutely.

59
00:04:09,440 --> 00:04:10,320
All right, cool.

60
00:04:10,320 --> 00:04:17,600
In a couple of the earlier episodes, you had mentioned that there are technical,

61
00:04:17,600 --> 00:04:24,400
operational, I believe you said security components to this Omni channel experience.

62
00:04:24,400 --> 00:04:26,080
Let's see if we can't break that down.

63
00:04:26,080 --> 00:04:33,040
What's the technical components, Roman, you're our resident compliance and technology person

64
00:04:33,040 --> 00:04:34,400
on this one? Why don't we start with you?

65
00:04:34,400 --> 00:04:36,160
Sure, sure, not a problem.

66
00:04:37,200 --> 00:04:43,520
Well, the biggest technical component I can tell you for all walks of retailers,

67
00:04:43,520 --> 00:04:47,520
retailers, Omni channel, everything is customer data, right?

68
00:04:47,520 --> 00:04:53,120
That is what all of the compliance, all the regulations and frameworks are looking to protect,

69
00:04:53,120 --> 00:04:58,160
which means all of these stores now have to take into consideration.

70
00:04:58,160 --> 00:05:00,720
Where do they store that data?

71
00:05:00,720 --> 00:05:03,680
You know, once upon a time, it was just in your point of sale system.

72
00:05:04,400 --> 00:05:08,960
And then, you know, if you had an retailer, it was just in the cloud somewhere, that

73
00:05:08,960 --> 00:05:10,880
nebulous word in the cloud we used.

74
00:05:10,880 --> 00:05:15,600
When you start marrying those together, you really start looking at a challenge.

75
00:05:15,600 --> 00:05:20,480
And I think Kevin's spoken about this before, if where, how do you cross that data?

76
00:05:20,480 --> 00:05:25,920
If I bought in your store, does that mean I can buy online with the same data and vice versa?

77
00:05:25,920 --> 00:05:32,800
So the technology aspect of it really is trying to find out, do you have an on-site database?

78
00:05:33,360 --> 00:05:35,040
Do you put that into the cloud?

79
00:05:35,040 --> 00:05:40,320
And not only do you have that type of hardware or software solution, you also look to,

80
00:05:40,320 --> 00:05:41,600
how can I secure that?

81
00:05:41,600 --> 00:05:45,600
So again, security methodologies now start putting into that, which

82
00:05:45,600 --> 00:05:47,920
in themselves is its own technology.

83
00:05:47,920 --> 00:05:52,320
So it's a fascinating thing that they have to do with our data.

84
00:05:52,320 --> 00:05:52,560
Yeah.

85
00:05:52,560 --> 00:05:55,840
So, yeah, there's a lot to think about there.

86
00:05:55,840 --> 00:06:03,280
And, um, probably should seek out some professional advice when, when thinking about this,

87
00:06:03,280 --> 00:06:06,080
um, yeah, so Kevin, do you have anything you want to add to that?

88
00:06:06,080 --> 00:06:07,840
Yeah, absolutely.

89
00:06:07,840 --> 00:06:13,520
Because I think that, you know, we talked about some of the technical and the operational

90
00:06:13,520 --> 00:06:19,760
challenges before and happy to dive into those again, but I think from a data perspective,

91
00:06:19,760 --> 00:06:21,600
data is the core of OmniChannel.

92
00:06:21,600 --> 00:06:25,120
And criminals are definitely taking advantage of it.

93
00:06:25,120 --> 00:06:31,040
Retailers have had a huge amount of cybercrime, small, medium business in general has,

94
00:06:31,040 --> 00:06:37,040
but retailers in particular, and I was reading a study recently about like where they were getting,

95
00:06:37,040 --> 00:06:41,520
and it was the, the majority was from exploited vulnerabilities, meaning some known

96
00:06:41,520 --> 00:06:43,280
vulnerability and some software.

97
00:06:43,280 --> 00:06:51,280
And retail was significantly higher, uh, risk of those attacks than kind of a cross-sector

98
00:06:51,280 --> 00:06:54,080
section of the rest of the average of businesses there.

99
00:06:54,080 --> 00:07:00,720
And when I dug a little deeper into it, 71% of the time in an attack that kind of outcome of

100
00:07:00,720 --> 00:07:06,320
the attack was that the data was encrypted because there's all this data, like Roman said,

101
00:07:06,320 --> 00:07:10,960
there's all this data, customer data, in particular, which there are so many states and,

102
00:07:10,960 --> 00:07:17,600
and not to mention federal and, you know, just best practices of not breaching customer data.

103
00:07:17,600 --> 00:07:22,240
I think something like over 80% of customers said they'd stop doing business with a brand

104
00:07:22,240 --> 00:07:23,520
that breached their data.

105
00:07:23,520 --> 00:07:25,600
So the criminals are getting it.

106
00:07:25,600 --> 00:07:28,640
They're like exploitive vulnerabilities, get their data,

107
00:07:29,360 --> 00:07:33,600
customers ain't having it. So yeah, that's a, it's a huge risk to it on top of the

108
00:07:33,600 --> 00:07:36,160
technological and, um, and operational.

109
00:07:36,160 --> 00:07:39,040
So there's this benefit, absolutely that we just talked about,

110
00:07:39,040 --> 00:07:44,800
but there's also a, a, a risk that has to be adjudicated as you go into the omnichannel world.

111
00:07:44,800 --> 00:07:48,320
Interesting. All right. Yeah, you just mentioned, um, operational components,

112
00:07:48,320 --> 00:07:51,680
they're in any particular, you want to discuss there?

113
00:07:51,680 --> 00:07:57,040
Yeah, I think, you know, a lot of times people just think this is a systems issue or, or just

114
00:07:57,040 --> 00:08:02,240
don't think about it at all, but, um, that, uh, they just like, oh, turn that button on the website,

115
00:08:02,240 --> 00:08:08,400
right? I mean, that happens more than more than we would all like to know, but like, um,

116
00:08:08,400 --> 00:08:15,120
you know, by nature, different aspects of a retailer's business are siloed, not just technologically

117
00:08:15,120 --> 00:08:21,360
siloed, although they are, but even operational, they're siloed. The way, um, online merchants,

118
00:08:21,360 --> 00:08:28,480
digital merchants think about retail is different than those that work in stores, um, or those

119
00:08:28,480 --> 00:08:32,720
that work in the warehouse, they just think about things differently, though, they're not the same team,

120
00:08:32,720 --> 00:08:39,040
they're different teams. Operationally, they are by nature, they're siloed. And so you'll have like,

121
00:08:39,040 --> 00:08:44,480
systems show this up and we talked about this before that you'll have certain technologies that

122
00:08:44,480 --> 00:08:49,200
evolved as an online technology, and then they go and they say, oh, yeah, you can open up a

123
00:08:49,200 --> 00:08:54,240
store with POS, but then they don't think of inventory as a thing that exists in

124
00:08:54,240 --> 00:08:58,880
physically different places. And how do you get the order to those places? Because,

125
00:08:58,880 --> 00:09:03,600
to an online merchant, inventory is inventory. I got a hundred of them. I'm going to sell them,

126
00:09:03,600 --> 00:09:09,120
but if those hundred are split out amongst 16 stores, well, how you gonna fulfill them is very

127
00:09:09,120 --> 00:09:14,240
different. So I think that's high level, but it speaks to the kind of the technological challenges,

128
00:09:14,240 --> 00:09:20,080
but also the operational challenges. It takes a cohesive kind of melding of the teams to make sure

129
00:09:20,080 --> 00:09:24,080
that even the teams themselves are thinking about these things differently and what decisions they

130
00:09:24,080 --> 00:09:31,600
make have ramifications downstream or upstream throughout the organization. Yeah, um, yeah, yeah.

131
00:09:31,600 --> 00:09:37,040
I'd like to jump in for a second because it's, uh, it's interesting Kevin that used the silo. I was

132
00:09:37,040 --> 00:09:42,720
recently at a cybersecurity summit in Scottsdale, and we were talking about just that to where

133
00:09:43,360 --> 00:09:48,720
you have, um, and people do an inventory and receiving. You have salespeople, you have, uh,

134
00:09:48,720 --> 00:09:54,320
middle management. We have all these different silos that are doing their jobs, right? So they're doing

135
00:09:54,320 --> 00:09:59,280
their job. Yeah. And then as an upper management looks at it and says, great, everything's doing their

136
00:09:59,280 --> 00:10:07,200
job, but they don't see the gaps in between the silos. So it starts putting together a, um,

137
00:10:07,200 --> 00:10:12,800
a point of view that you need from somebody coming outside to look at your organization,

138
00:10:12,800 --> 00:10:18,960
to make sure that you are doing that crosswalking of silos to where those gaps aren't getting wider,

139
00:10:18,960 --> 00:10:24,560
even though they're doing their jobs. There might be some sort of security there or something that needs

140
00:10:24,560 --> 00:10:31,040
to happen in between there to make that customer data a little safer, um, to educate the staff.

141
00:10:31,040 --> 00:10:36,160
And that speaks to a lot of, uh, culture of, uh, of the company, which usually comes from the top

142
00:10:36,160 --> 00:10:42,880
down. It does. It has to come back to top-down culture and testing. Test, test, test, test,

143
00:10:42,880 --> 00:10:52,480
test these things. Absolutely. And back up, back up, back up, back up. Uh, well, this episode is,

144
00:10:52,480 --> 00:10:59,760
you know, very, uh, centered around the cost, uh, and the benefit of this technology, um,

145
00:11:00,480 --> 00:11:07,760
with regards to what risks you guys have been, uh, talking about. And so, um, what would you say,

146
00:11:07,760 --> 00:11:17,520
the cost, uh, benefit against the risk, uh, for opting to do, uh, OmniChannel is one, uh,

147
00:11:17,520 --> 00:11:22,240
considerate these options. I think the, God, you, you first on this one,

148
00:11:22,240 --> 00:11:30,320
Roman, go ahead. Okay. Yeah. Cause I honestly, I think the, the cost benefit totally outweighs, um,

149
00:11:30,320 --> 00:11:36,080
having on the, on the, on the cost side versus what you're risking. I mean, um, with certain compliance,

150
00:11:36,080 --> 00:11:42,960
I've seen people, uh, companies that are obviously getting sued. I've seen, uh, owners take personal

151
00:11:42,960 --> 00:11:47,760
liability because they didn't follow certain frameworks. We see this in the news every day.

152
00:11:47,760 --> 00:11:54,160
So having your cost of, say, storage space in the cloud or whether it's on premises, um, cost of

153
00:11:54,160 --> 00:11:59,680
security, getting somebody that knows what the frameworks are. They know how to implement solutions

154
00:11:59,680 --> 00:12:07,520
and they can work with the team of technology people, engineers to secure you is far gonna outweigh,

155
00:12:07,520 --> 00:12:13,120
the, you know, um, then getting breached, getting your name in public. Because it's hard to come

156
00:12:13,120 --> 00:12:18,800
back from that. I mean, Kevin already, uh, told us and, you know, that people will stop shopping with you

157
00:12:18,800 --> 00:12:24,240
if there's a breach and their information's out there. So realistically, just get, get a partner

158
00:12:24,240 --> 00:12:29,360
that can help you define what you need that's right for your organization. And I think the costs

159
00:12:29,360 --> 00:12:34,800
are pennies on the dollar. So you're saying, do it right, but it's well worth it. Absolutely.

160
00:12:34,800 --> 00:12:40,160
All right. Cool. I was going to say something similar. Scott. Yeah. I mean, I would say the, the,

161
00:12:40,160 --> 00:12:46,160
the benefits are clear. Um, the, the brands that are doing it right are excelling. They, they really

162
00:12:46,160 --> 00:12:52,400
are. They are, they are excelling. The market is growing like crazy. Um, and it's, it's honestly,

163
00:12:52,400 --> 00:12:57,280
it's a very achievable thing, but it does, to your point and to Roman's point, it takes a thoughtful

164
00:12:57,280 --> 00:13:03,200
approach and it takes, um, you know, uh, uh, a company wide, like a cultural thing, or you're, we're

165
00:13:03,200 --> 00:13:10,000
going to be omnichannel. And, um, a sloppy approach can definitely lead, lead, lead to trouble. Um,

166
00:13:10,000 --> 00:13:14,320
that, that article, the, the, the forced reminds me about talked about brands that were online that

167
00:13:14,320 --> 00:13:20,560
moved into retail, but, but didn't like fill those gaps to, to your point, Roman, and they struggled.

168
00:13:20,560 --> 00:13:23,840
And, and there is definitely some bankruptcies that have gone through out there. And I think we

169
00:13:23,840 --> 00:13:28,560
talked about a, uh, retailer that I worked with personally that I saw that just kept throwing people

170
00:13:28,560 --> 00:13:33,040
at the problem instead of fixing the technology. And at some point, that's a lot more expensive

171
00:13:33,040 --> 00:13:38,720
than fixing the technology. So are there risks? Yes. And are there challenges? Yes. But they're

172
00:13:38,720 --> 00:13:43,520
overcomeable with the right expertise and, and man, those brands that are, that are growing,

173
00:13:43,520 --> 00:13:49,040
you're seeing multiples and multiples of growth, uh, as a result. Correct. All right. So risk

174
00:13:49,040 --> 00:13:55,120
and reward. So risk is there, but, but then it's, it's done properly. Then that risk is down here,

175
00:13:55,120 --> 00:14:03,760
and the reward is, is, is much higher. Um, let me ask you guys a question. Um, there are, uh,

176
00:14:03,760 --> 00:14:08,560
you know, security risks with any technology. And, um, what, what, what, what, what are some of the

177
00:14:08,560 --> 00:14:14,000
security risks that people are facing today retailers are having to deal with today? And, um,

178
00:14:14,000 --> 00:14:19,120
how are they evolving? You know, are they, are they getting, you know, more challenging for them?

179
00:14:19,120 --> 00:14:22,800
Are they be getting, are they getting easier for them to handle? Like tell us a little bit about

180
00:14:22,800 --> 00:14:30,000
that. Kevin, you had the mic, so why don't you tell us? Sure. I think, um, the specific challenge that

181
00:14:30,000 --> 00:14:36,240
I think a lot of, um, a lot of the small, medium businesses in general are facing and a lot of

182
00:14:36,240 --> 00:14:43,680
retailers in particular are the complexity of, of, of technology that doesn't seem complex yet.

183
00:14:43,680 --> 00:14:48,960
It really is. Um, online is a great example, like to actually run an effective e-commerce site.

184
00:14:48,960 --> 00:14:54,800
It's not just one piece of software. It's dozens of pieces of software that are all working together.

185
00:14:54,800 --> 00:15:00,160
Like, um, we go online and we turn this app, I, I, I joked about earlier, check this box, check that box.

186
00:15:00,160 --> 00:15:04,720
It really is that easy on an online site to go, oh, plug this partner in, plug that partner in,

187
00:15:04,720 --> 00:15:11,680
and they literally have dozens of third-party apps that make the experience for us as a consumer

188
00:15:11,680 --> 00:15:17,680
what it is. But the challenge with that is that the, the, the, the bad actors, the hackers, the

189
00:15:17,680 --> 00:15:23,120
criminals, they're now starting to realize that each one of those represents potential vulnerabilities

190
00:15:23,120 --> 00:15:28,480
to exploit. And so it's not just, oh, I got to attack their website. It's, no, it is like two

191
00:15:28,480 --> 00:15:33,200
dozen ways in. I just got to figure out the one. And I think to that point, that's why some of

192
00:15:33,200 --> 00:15:39,680
the regulations are changing, like PCI V4 is saying, okay, those apps that you use on your website,

193
00:15:39,680 --> 00:15:44,720
that your clients shop on their computers with, it's now your responsibility to make sure that

194
00:15:44,720 --> 00:15:49,920
they're cataloged, they're updated, you keep it in secure, you're patching when you're supposed to patch.

195
00:15:49,920 --> 00:15:54,160
And this, you could directly correlate this to the statistics we talked about earlier. 41% of the

196
00:15:54,160 --> 00:15:58,960
breaches at retail experience are because of an exploited vulnerability. Why? Because there's dozens of

197
00:15:58,960 --> 00:16:03,680
potential vulnerabilities on systems out there. So I think that's where the regulation is going,

198
00:16:03,680 --> 00:16:08,720
and that's why it's going there is because of that vulnerability. I, I see it, I see it a lot,

199
00:16:08,720 --> 00:16:13,520
um, as Scott mentioned. I do a lot of the compliance, uh, here for One Step. And,

200
00:16:14,480 --> 00:16:20,080
time and time again, it, it, it's small little things that Kevin said that, that don't seem complex,

201
00:16:20,080 --> 00:16:25,920
that that will get you, uh, for example, the spear phishing and really just phishing in general. It's

202
00:16:25,920 --> 00:16:31,440
what's going to take most people down, because it only takes one email, click, and then, you know,

203
00:16:31,440 --> 00:16:35,200
your system's compromised. Now, hopefully you've had a security professional in there. You've

204
00:16:35,200 --> 00:16:40,080
had somebody look at your technology and see what you need. But as we see time and time again,

205
00:16:40,080 --> 00:16:46,480
it is just those little bits that we take for granted. I'm leaving out of town. I don't have time to

206
00:16:46,480 --> 00:16:51,840
look at this. I'm going to click there and then that's going to get you. Kevin earlier mentioned the

207
00:16:51,840 --> 00:16:57,040
millions of dollars that are going to flow through retail. Um, but one of the things he, he may not know,

208
00:16:57,040 --> 00:17:04,720
because I look at more criminal stats is, um, business email compromise is a billion dollar industry.

209
00:17:05,280 --> 00:17:11,680
And that should be scary. That should be scary to people because, um, it, it's real. Now, how do we do

210
00:17:11,680 --> 00:17:17,440
that with the PCI as Kevin mentioned, the frameworks are changing with PCI 4, um, they're kind of

211
00:17:17,440 --> 00:17:23,200
spreading the risk liability from credit cards to retailers and vendors, but it's nice because now

212
00:17:23,200 --> 00:17:28,800
there's a vendor management program set up to where, as Kevin mentioned, all 12 of those plugins,

213
00:17:29,440 --> 00:17:35,520
you can reach out to them and have them give you their security certificates. Um, you do have to do

214
00:17:35,520 --> 00:17:40,960
ongoing security training for your staff that once, you know, yes, those were in there, but they're not

215
00:17:40,960 --> 00:17:45,840
being, uh, enforced. Now we're going to see a lot more enforcement of some of these things that are

216
00:17:45,840 --> 00:17:49,840
going to make everybody safer at the end of it. I think we're all going to be better for it.

217
00:17:49,840 --> 00:17:56,480
I think, um, the prevailing attitude is that if I, if I get a technology that someone else is,

218
00:17:56,480 --> 00:18:01,520
is doing the security, that's been the prevailing attitude that I've seen with retail in particular,

219
00:18:01,520 --> 00:18:05,680
is that, oh, that's somebody else's thing. I'm, I'm just going to assume that they're, they're doing it.

220
00:18:05,680 --> 00:18:12,720
Right. And, um, you know, I learned from you, Scott, uh, that we need to trust, but verify that

221
00:18:12,720 --> 00:18:18,560
people are taking security measures because at the end of the day, if a breach occurs, we can blame

222
00:18:18,560 --> 00:18:23,360
anybody we want, but, but if it's our business and our customer data, then we're the one that's left

223
00:18:23,360 --> 00:18:28,560
told me. So I really think that approach is just so important to, to take.

224
00:18:28,560 --> 00:18:34,880
So the ostrich with the head in the sand isn't going to go, you know, yeah, we're just looking

225
00:18:34,880 --> 00:18:42,000
over our shoulders. Somebody's doing that, right? That's, yeah. All right. So I think we're getting

226
00:18:42,000 --> 00:18:47,920
pretty far in this episode, but, you know, PCI is, you know, it's been around for, but well over a decade

227
00:18:47,920 --> 00:18:53,440
now, I think we're up to version 4, um, you know, this one's going to be for real, right?

228
00:18:53,440 --> 00:19:02,160
I know the stakes are getting bigger and retailers are starting to wake up to this whole concept,

229
00:19:02,160 --> 00:19:08,000
a bit more than what you're talking about, Kevin, where, well, it's, the software I'm using is

230
00:19:08,000 --> 00:19:13,520
supposed to be a PCI compliance with somebody else's problem. Thank you for lining more. So, you know,

231
00:19:13,520 --> 00:19:18,960
Roman, what, what do you have to tell us about like the security that we need to worry about or consider

232
00:19:18,960 --> 00:19:25,920
with regards to this current version of PCI? Um, you know, I think I've mentioned this once before,

233
00:19:25,920 --> 00:19:32,560
but plan your work and work your plan. I mean, it's, it's on the business at it and we're done.

234
00:19:32,560 --> 00:19:40,880
No, but it does ring true because on these new requirements, you do have training that you have to

235
00:19:40,880 --> 00:19:45,840
do annually and it has to be acknowledged. So it's not something that you just can pencil whip,

236
00:19:45,840 --> 00:19:49,680
you know, and say, yeah, we've done it and you literally need people to acknowledge that they've

237
00:19:49,680 --> 00:19:56,960
done training before. Um, and that goes far reaching into the system. You do have, uh, backup,

238
00:19:56,960 --> 00:20:03,760
continuity and disaster, you have risk assessments, you have, um, incident response plans, all of these

239
00:20:03,760 --> 00:20:13,120
now have to be done and, uh, on paper written down. Shocker. Oh, I know it's, it's actually,

240
00:20:13,120 --> 00:20:20,000
that is probably one of the biggest pieces of the puzzle for businesses. Um, everybody has an idea

241
00:20:20,000 --> 00:20:25,440
of what they're, what they're going to do if X happens. We'll do Y. That's fine. Um, but it's not

242
00:20:25,440 --> 00:20:31,760
written down. So that means if the person that's responsible for it is on vacation in Aruba and you

243
00:20:31,760 --> 00:20:38,400
just can't reach them, nobody will know what to do. So write it down, make a plan and practice. And

244
00:20:38,400 --> 00:20:43,040
that's what I mean by work your plan. Practice. Just see what happens if, you know, somebody calls up and

245
00:20:43,040 --> 00:20:50,080
says, Hey, it's got the servers. You're down. What do we do? Right? And you have a, you have a plan that

246
00:20:50,080 --> 00:20:55,600
you've already put into place. You know where to find it. That's a big key. And you basically go step

247
00:20:55,600 --> 00:21:00,640
one, two, three, four and practice. So I would say that that's one of the biggest things that this

248
00:21:00,640 --> 00:21:05,920
PCI is really pushing forward that. And then as a center of the vendor management. So that you can't,

249
00:21:05,920 --> 00:21:10,960
you know, that we can't blame somebody else. You have to have something that says, no, I've talked

250
00:21:10,960 --> 00:21:15,360
in them. They said that they were secure. They gave me the certificate. And now your liability is,

251
00:21:15,360 --> 00:21:20,320
you know, transferred. And that's that's kind of what you do with the risk, right? Transfer it.

252
00:21:20,320 --> 00:21:26,000
Roman, I was reading something about PCI. I wanted to ask you about since you're the, the expert on it,

253
00:21:26,000 --> 00:21:30,720
the, you know, the prevailing thought amongst brick and mortar retailers was always, oh, well, my credit

254
00:21:30,720 --> 00:21:35,680
card company's doing that. And as long as they say they're, they're PCI on PCI. And I think online

255
00:21:35,680 --> 00:21:42,480
merchants is the same thing. Oh, well, I, I work with whoever, whatever payment portal I work with.

256
00:21:42,480 --> 00:21:48,080
But I was reading and maybe you can confirm this that that one of the things is changing now is that

257
00:21:48,080 --> 00:21:53,440
when the payment card provider says they're secure, all they're saying is that their device is secure.

258
00:21:53,440 --> 00:21:57,760
They're no longer saying that the retailer is, oh, yeah, you're, you're PCI compliant. They're just

259
00:21:57,760 --> 00:22:02,480
saying, I don't know, we are not necessarily your organization is as a retailer. Is that right?

260
00:22:02,480 --> 00:22:09,520
You, you have that absolutely correct. And I, you know, I can change, right? That's a,

261
00:22:09,520 --> 00:22:15,440
that's a change of this new one, isn't it? Yes, and no, depending on what, so there's multiple

262
00:22:15,440 --> 00:22:21,280
avenues in which you can take payment as we all know. I've got a credit card device. I write it down.

263
00:22:21,280 --> 00:22:26,560
I take it over the phone, right, in person. So there's all these different methodologies and

264
00:22:26,560 --> 00:22:31,920
the credit card companies understand that so that they make different rules for different

265
00:22:31,920 --> 00:22:41,840
ways of ending, right? But to your point of when the processor is doing their assessment of your system,

266
00:22:41,840 --> 00:22:48,640
they're looking at it from outside in and they're only saying as you said, my device is PCI compliant.

267
00:22:49,280 --> 00:22:54,800
Because PCI compliant goes to segment of networks. If you've ever made a purchase over the phone and

268
00:22:54,800 --> 00:23:01,120
you heard, we are recording this call for quality assurance. Well, now if you have to give them your

269
00:23:01,120 --> 00:23:08,720
credit card number to buy something, their phone system is actually in scope for PCI. Have they

270
00:23:08,720 --> 00:23:15,280
secured it? Have they secured that recording? We don't know, right? So it's a broader conversation

271
00:23:15,280 --> 00:23:20,160
where once people thought, oh yeah, I just, you know, take a card. It's fine. Well, have you written it down?

272
00:23:20,160 --> 00:23:29,120
Do you destroy that stuff afterwards? And so it's a pretty unique scenario that the credit card

273
00:23:29,120 --> 00:23:35,680
industry PCI industry has pushed back onto us because we start looking at things a little bit

274
00:23:35,680 --> 00:23:41,280
outside of the box and what we use to. So, right. Again, get a professional to help you look at it.

275
00:23:41,280 --> 00:23:47,040
I laugh because earlier, I mean, literally today I've talked to three people specifically about this

276
00:23:47,040 --> 00:23:51,280
when their processor said that they were self-assessed questionnaire,

277
00:23:51,280 --> 00:23:57,760
SAQ is acronym X. And I started asking them questions and I said, you are outside of that scope right

278
00:23:57,760 --> 00:24:05,760
now just by that question. And they're like, really? Like, yeah, they didn't know. It's their ownership

279
00:24:05,760 --> 00:24:11,600
to know, but it's not their job to know. All right, guys. Hey, Roman and Kevin, thank you so much for

280
00:24:11,600 --> 00:24:17,680
your time today. This is extremely interesting. I hope you guys all found this episode interesting and

281
00:24:17,680 --> 00:24:26,560
valuable. So we discussed just how valuable your company's data is in today's world. We discussed

282
00:24:26,560 --> 00:24:34,480
the challenges of securing it and all that goes with that. So your data is worth more than gold.

283
00:24:35,200 --> 00:24:42,800
And the risk versus the reward of going omnivare is there. So just get the professional help,

284
00:24:42,800 --> 00:24:48,080
know what you need to do and do it properly and then take advantage of what the

285
00:24:48,080 --> 00:24:55,520
those retailers that are doing this now are getting. So I know how much effort it takes to build

286
00:24:55,520 --> 00:25:02,400
valuable data and I hope you guys got some ideas on how to protect it today. So remember,

287
00:25:03,440 --> 00:25:08,720
we stand ready to help you. Just give us a call and let us know if you need any help until next time.

288
00:25:08,720 --> 00:25:12,560
Have a great week and remember to stay safe.