If you’ve ever been to a Dave & Buster’s or Jillian’s restaurant and entertainment complex, you’ve probably had a great time with lots of fun and games. The company’s IT and security team recently found out that dealing with the Federal Trade Commission (FTC) when credit card information is compromised is no fun at all.
Dave & Buster’s recently settled an FTC charge that it “failed to protect customers’ information when more than 130,000 credit and debit cards were compromised.” Dave & Buster’s failed to take sufficient measures to detect and prevent unauthorized access to the network and to adequately restrict outside access to the network, including access by its service providers. This was the FTC’s 27th case challenging faulty security practices for protecting sensitive consumer information.
As part of the settlement, Dave & Buster’s must establish and maintain a program designed to protect the security, confidentiality, and integrity of personal information collected from customers. Add to that a requirement for complete, independent, professional audits every other year for 10 years. Beyond taking the appropriate security measures, Dave & Buster’s now has to prove it is keeping the infrastructure secure–that’s a lot of time and resources.
This recent announcement reminded me of the Payment Card Industry Data Security Standards (PCI DSS) and the network security standards that are a key part of the compliance mandate. Within the last few years, more and more companies have called on Netcordia to help maintain a safe and secure network infrastructure. With PCI DSS standards and rules embedded, organizations like the University of Houston have tapped NetMRI to provide verification of compliance with an automated report. The result–a successful audit without pulling staff off their game for weeks to compile necessary information.