NetKey
 		 
 
  News & Features   Become a Member   Member Directory
    
Case Studies
Association Newsletter
Member Profiles
Awards
Calendar of Events
About Us
Slide Shows
Discussion Forum
Classifieds
Special Publications
Free Downloads
(Members Only)
Become a Member

 

 
 
Use this quick form to send a request for information to our members!
Category
ADA Advertising Associations & Organizations ATMs Audio Barcode Readers Bill Payment/ Money Transfer C-stores Cables Card Readers/Writers Cash Acceptors & Dispensers Cell Phone Top-up, Payment Check Readers (MICR) Coin Counting Kiosk Communication - Networking, Wireless Computers - Desktop, Laptop, Industrial, Thin, Panel, Embedded Connectivity Consulting Contactless Payments Cooling Systems Coupon CRM Debit/Credit/Smart Cards Design Digital Downloads - Music, Ring Tones, Movies Digital Signage DVD Kiosk Enclosures Entertainment & Gaming Equipment Leasing and Rental Exhibits & Displays Financial Gift Registry Government Graphic Production Hardware Healthcare Human Resources & Recruiting Industrial Input Devices - Trackballs, Joysticks, TouchPads, Stylus Installation Insurance Integration Internet Access/Pay for Use Inventory Extension Keyboards/Keypads Logistics, Deployment, Delivery Loyalty Maintenance & Service Management Systems Memory Readers (Flash & others) Mini Kiosks Mobile Monitoring Monitors Movie Rental MP3 & MP4 downloads Narrow Casting Outdoor Kiosks Paper Supplies Parking Parts Photo Kiosks Point of Sale Power Supply Prepaid calling cards Printers Product Information/ Ordering Product Information/Look-up Programmers & Application Developers Publications Remote Monitoring & Mgt. Restaurant/ Food Service Retail RFID Satellite Services Scanners Security & Biometric Identification Self Check-out/ Check-in Software - Linux/UNIX, middleware, Mac, OS, Multimedia Speakers Supply Surge Protection Survey Telephone Handsets Telephones/ Telephony Ticketing Total Solutions Turn-key Provider Touch Screen Monitors Touch Screens Trade Shows Transaction Processing Travel & Hospitality Vending Video - Players, Cards, etc. Watchdog/ Reboot Devices Wayfinding Wireless Devices
My Question:
Please enter the
verification code
displayed below. *
This field is case-sensitive.
We'll rush your request to our members!
 

 
Planning a project? Submit an RFP to our members now
Features

    

S3 security initiative Web site now online

By Travis K. Kircher editor

28 May 2008

The Digital Technology Alliance — an amalgamation of deployers and vendors in both the self-service and the digital signage industries — has launched a beta version of its Storefront Security Standards Web site.
 
The site, www.S3security.org, explains how deployers of self-service solutions can apply for S3 certification.
 
The S3 Storefront Security Standards initiative launched in October 2007 to provide a set of industry best practices to prevent identity theft, as well as protect consumer privacy and promote data security. The Alliance plans to begin offering the certification sometime in the fall.
 
“What I’ve seen in all new technologies, from the Internet to interactive, is that consumers are pretty smart. They’re often wary of new technology and the risks that they may face by using these new technologies, because they’ve been burnt before,” said Alex Richardson, managing director of Selling Machines Partners and president of the Digital Technology Alliance. “That’s why this is important for our industry.”
 
Rise of ID theft
 
Consumers’ fears about identity theft have been justified in recent years, according to some reports. In March 2007, Stamford, Conn.-based Gartner Inc., an information technology research and advisory company, released a survey indicating that roughly 15 million Americans were victimized by some sort of identity theft-related fraud from mid-2005 to mid-2006 — an increase of more than 50 percent from 2003, according the report.
 
“There’s a whole set of hackers out there who’d love nothing better than to break into your device,” Richardson said. “It might be a wireless RFID system or it might be a digital signage system. There are a lot of famous blue screen photos of systems in Toronto , and most likely those were hacked into. So these are very serious security incidents.”
 
Richardson said several association members representing a broad spectrum of vendors and deployers throughout the industry formed a committee last October, after he and Self-Service and Kiosk Association Executive Director David Drain asked for volunteers to take up the issue of best practices.
 
“We got a great response,” Richardson said. “We got representatives from New York , Chicago , California , Australia . It’s a well represented group.”
 
One of those committee members is Jimmy Dun of Dynasign.
 
“Certainly the people came from totally different backgrounds,” Dun said. “I enjoy working with the group and the challenge is really getting the attention of the membership so they have the same vision that we have.”
 
“The security of the content is paramount to our industry,” he added, pointing specifically to displays that might reveal financial information. “It’s the process. Good practices: that’s the whole thing. Technology helps, but it’s really running the operation that’s the key to success and a secure environment.”
 
Other committee members included:
  • Alex Richardson, managing director of Selling Machines
  • Jason Sinks, director of Polo Ralph Lauren
  • David Drain, executive director of SSKA and DSA
  • Scott Wood, director of standards, PCATS
  • Dan Burke, regional account manager, Sarcom Inc. / PC Mall
  • Mike Honkomp, director of new market development, Electronic Systems Protection
  • Rufus Connell, vice president of information and communications security, Frost & Sullivan
  • Craig Keefner, manager, KIOSK Information Systems
  • John Hervey, executive director, PCATS
  • Thomas Smith, president, Self-Service Networks
  • Lawrence Dvorchik, general manager, JD Events
  • Morgan Drew, chief executive officer, Abuzz
  • Lyle Peterson, chief technology officer, Nanonation Inc.
  • Josh Toland, senior field applications engineer, Flextronics
  • Bryan McCormick, vice president of marketing, Landel
  • Heinz Horstmann, sales manager, Provisio
  • Janet Webster, manager of retail service network and access, United States Postal Service
  • Michael Daily, president and chief operating officer, Freedom Shopping
Test taking
 
Visitors of the prototype Web site can get a crash course on what will be required before deployers can obtain S3 certification. Richardson said one of the most crucial steps is for each deployer to have at least one person who understands the ins and outs of the S3 best practices and who can be held responsible for making sure those best practices are carried out.
 
“We want every company — both large and small — to appoint someone to be a full- or part-time privacy and security data manager,” Richardson said. “We don’t expect a small company of 10 people to go out and hire someone else, but we do expect someone to clearly understand S3 and clearly understand basic IT security, or find a third-party to help them out.”
 
Companies wishing to be certified must also complete a questionnaire on data security and privacy protection. Sample questions might include:
 
  • Do you delete user data at the end of each consumer session?
  • Do you log out of the session automatically after extended periods of inactivity?
  • Do you automatically update software with new versions for operating system and virus protection?
  • Do you send alerts to your monitoring station in case of tampering?
The applicant’s responses to the questionnaire will determine eligibility for certification, Richardson said. He added that the applicant's privacy and data security officer will then be asked to confer with the committee during a telephone inteview in which the answers will be reviewed for conformity with the S3 guidelines. The committee will then decide whether certification will be granted, or if any additional information is required.
 
Richardson says the committee has not yet decided when certifications will expire. At this point in time, he says suggestions from members range from one to two years.
 
“It’s going to be around one year or 18 months when you’re going to have to come back and resubmit,” he said. “If nothing has changed, then all you’ll have to do is re-file the same application with the updated privacy officer’s name.”
 
Deployers that receive certification will then be eligible to display the S3 Storefront Security Standards logo on all of their deployments.
 
The beta version of the application site will be reviewed by the committee until August, Richardson said. He added that the Digital Technology Alliance welcomes input from outside sources, and lauded the work the committee had already done.
 
“It’s not a very sexy topic, is it? But it’s extremely important,” he said. “It’s good data. It’s amazing how many people look at this and forget — and don’t realize â€” how many things they’re leaving out of their implementation.”

©2008 NetWorld Alliance LLC. All rights reserved.

Need more info? Submit a Request for Information (RFI) to our members & get expert advice.
Give us details of what you're searching for:
We'll fire your request to our members ASAP!
Wincor Nixdorf ProConsult
 
Get the latest self-service & kiosk news delivered to your in-box. Click here to sign up for free.
 
Become a Member of the Self-Service
 
 
 
 
Site Map | About Us | Contact Us | News & Features | Become a Member | Find a Supplier | Home Page | RSS | NewsFeed
 
ATM Marketplace | Digital Signage Today | Kiosk Marketplace | SelfServiceWorld | Digital Signage Association | Pizza Marketplace | Fast Casual | QSR web | Retail Customer Experience | Church Central | Digital Technology Alliance