Payment Card Industry (PCI) Data Security Standard

• Strong authentication should be used to protect employee access to all cardholder data
• Encryption is one of the best ways to protect cardholder data in transit (such as via email or transaction processing)
• Content monitoring and control can help prevent a cardholder data breach and protect your brand

The following Entrust solutions for PCI security can help in meeting these and other PCI requirements while helping to establish an overall security policy for your organization.

The requirements for compliance with the Payment Card Industry (PCI) standard can be difficult to understand. The guidelines for PCI security compliance are somewhat broad and undefined; it is not always clear what a card company such as VISA will find to be an acceptable mitigating data control. To help, you can always look in the FFIEC Compliance guideline we provide, or have an audit done by PCI-approved assessors and PCI security vendors typically suggest millions of dollars worth of security applications in order to be fully compliant, but these suggestions are not practical in most cases.

With cost-effective security solutions for data encryption, strong authentication and email security, Entrust can aid in achieving your specific PCI security compliance requirements. Three of the main categories of PCI security requirements that Entrust can address for merchants and service providers are:

• Protecting Cardholder Data, including protecting stored data, by encrypting the transmission of cardholder data and sensitive information across public networks.
• Implementing Strong Access Control Measures by restricting access to data by business need-to-know, assigning a unique ID to each person with computer access and restricting physical access to cardholder data.
• Regularly Monitoring and Testing Networks by tracking and monitoring all access to network resources and cardholder data and regularly testing security systems and processes.