Payment Card Industry (PCI) Data Security Standard
Achieving Compliance with PCI Security Solutions
- Strong authentication should be used to protect employee access to all cardholder data
- Encryption is one of the best ways to protect cardholder data in transit (such as via email or transaction processing)
- Content monitoring and control can help prevent a cardholder data breach and protect your brand
The following Entrust solutions for PCI security can help in meeting these and other PCI requirements while helping to establish an overall security policy for your organization.
Provides the ability to encrypt group files or folders no matter where they are transferred, stored or copied. The solution, which features a patent-protected client-server architecture, is transparent and automatic, and also uses persistent encryption to secure files and folders even if they exist on an external server, disk, drive or USB device. The file even remains encrypted when copied.
Provides strong two-factor authentication for securing access to transaction processing systems and database repositories containing credit card numbers, cardholder account information and transaction history. Offers many different methods of inexpensive authentication to suit the level of risk, including risk-based authentication based on IP-geolocation and the ability to leverage data delivered through the Entrust Open Fraud Intelligence Network (OFIN). Can be deployed to secure remote access to cardholder data systems.
Provides encryption of sensitive data contained within email (such as credit card numbers or cardholder information). Can be configured to automatically encrypt at the boundary of the network to prevent PCI regulated content from exiting the network unprotected.
Entrust PCI Security Solutions
The requirements for compliance with the Payment Card Industry (PCI) standard can be difficult to understand. The guidelines for PCI security compliance are somewhat broad and undefined; it is not always clear what a card company such as VISA will find to be an acceptable mitigating data control. To help, you can always look in the FFIEC Compliance guideline we provide, or have an audit done by PCI-approved assessors. PCI security vendors typically suggest millions of dollars' worth of security applications in order to be fully compliant, but these suggestions are not practical in most cases.
With cost-effective security solutions for data encryption, strong authentication and email security, Entrust can aid in achieving your specific PCI security compliance requirements. Three of the main categories of PCI security requirements that Entrust can address for merchants and service providers are:
- Protecting Cardholder Data, including protecting stored data and encrypting the transmission of cardholder data and sensitive information across public networks.
- Implementing Strong Access Control Measures by restricting access to data by business need-to-know, assigning a unique ID to each person with computer access and restricting physical access to cardholder data.
- Regularly Monitoring and Testing Networks by tracking and monitoring all access to network resources and cardholder data and regularly testing security systems and processes.