Cyberstone understands the retail industry.  We’ve consulted for retail chains with dozens up to hundreds of locations.  Retailers have a uniquely complex IT infrastructure including point-of-sale (POS) systems and third-party systems/applications that plug into their network.  On top of that, retailers must meet the ongoing requirements of the Payment Card Industry Data Security Standard (PCI DSS).

Whether you’re a Level 4 merchant who processes very few transactions or a Level 1 merchant with millions of card transactions ever year, we can help. Our cybersecurity pro services are built in such a way that they can scale to any size business.

We help retailers comply with PCI DSS through penetration testing, vulnerability assessments, and cybersecurity maturity assessments specifically tailored to PCI requirements. We can help you shine a light on areas of risk or non-compliance, so you can make the necessary adjustments. This will help you maintain compliance but will also reduce the likelihood of being hacked or suffering a data breach.

If you don’t know where to start or are in over your head with other IT projects, we can help. Even if you have an established cybersecurity vendor, we still may be able to help. It’s best practice to rotate security vendors every 2-3 years to ensure objectivity. Perhaps it’s time to make the switch.


Cyberstone helps retailers make sense of the PCI DSS regulation at its 12 requirements which are listed below.

  1. Install and maintain a firewall configuration to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored cardholder data.
  4. Encrypt transmission of cardholder data across open, public networks.
  5. Use and regularly update antivirus software.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to cardholder data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security.

Contact Us