The comment period for draft descriptions of two National Cybersecurity Center of Excellence (NCCoE) retail cybersecurity projects closes this Friday, June 3.

The projects are:

In addition to seeking comments (supportive or critical) from retailers, technology vendors, and consumers about the relevance of these cybersecurity challenges, NCCoE is inviting commenters to indicate their interest in participating in the retail sector cybersecurity activities or their desire to bring their technology to the project when it moves into NCCoE laboratory spaces.  Indicating interest by commenting on the draft will ensure that the commenters will receive reminders from NCCoE about when and how to submit a formal request to participate.

For more information about how to comment and ensure your participation in these important projects contact Tipograph Law.

Multifactor Authentication for e-Commerce

E-commerce retailers bear the cost for fraudulent, card-not-present (CNP) transactions, which is designed to motivate them to reduce fraud and increase the level of assurance in purchaser or user identity.  Multifactor authentication (tied to existing web analytics and contextual risk calculation), can help these retailers reduce the risk of false online identification and authentication fraud. Consumers will adopt multifactor authentication mechanisms as long as they do not unnecessarily encumber the purchasing process; retailers will adopt them if they are applied evenly across the entire sector.  These are some of the things that will be studied in the Multifactor Authentication project.

Securing Non-Credit Card, Sensitive Consumer Data

There has been an increase in the value of non-credit card, sensitive consumer data on the black market and relatively few regulations or standards specific to this topic in the consumer/retail industry in the United States.  The NCCoE has identified that implementing correct data masking, tokenization, and cryptographic techniques, coupled with fine grained access control, may significantly improve the security of personally identifiable information (PII) transmitted and stored during commercial payment transactions, as well as PII shared internally within a retail organization and externally with business partners.  The Consumer Data project seeks to improve the security of non-credit card, sensitive consumer data, meanwhile ensuring that consumer data is still usable by different departments within a retail environment for business operations.

Ultimately, these projects will result in a publicly available NIST Cybersecurity Practice Guide—a description of the practical steps needed to implement an example solution that addresses these existing challenges.