Princeton Softech joins Payment Card Industry (PCI) Strategic Vendor Alliance


Johannesburg, 04 May 2007

Enterprise data management company, Princeton Softech, has announced that it is among the first 24 companies to have joined the Payment Card Industry (PCI) Strategic Vendor Alliance (SVA). IT infrastructure, solutions and services provider, Datacentrix, is an authorised Southern African Solutions VAR for Princeton Softech.

The PCI SVA was founded by a group of leading data security firms, including ConfigureSoft, Cyber-Ark, Modulo Security, Proginet, Protegrity, Reflex Security and Safe-Net. The alliance was formed to provide the best in technology solutions and services to retailers, e-commerce companies, financial institutions, payment processors, POS vendors and other organisations that must protect consumer privacy to achieve compliance with the PCI Data Security Standard (DSS).

"Every instance of data in an organisation represents a point of vulnerability, and thieves look for the simplest points of access, such as the development, testing and training environments that are often neglected from a security perspective. In fact, more than 70 percent of data breaches occur internally," says Rob Shaw, product marketing manager at Datacentrix. "The Princeton Optim solution for masking sensitive data has proven capabilities that can help companies ensure compliance with the PCI Standard."

"Without comprehensive controls and security measures in place to protect privacy, companies, as well as their customers and employees, face a much greater risk of becoming the victim of a data breach," says David Taylor, President of the PCI Security Vendor Alliance. "Working with Princeton Softech and other vendors in the SVA will make it easier for companies to obtain the best software solutions on the market to prevent the misappropriation of payment card information and to protect consumer privacy."

Initiated by MasterCard International and Visa in January 2005, the PCI DSS is a set of twelve multifaceted regulations that represent a unified industry standard for protecting cardholder data that is stored, transmitted or processed. The PCI DSS must be implemented by all members, merchants and service providers that store, process or transmit cardholder information. Fines for non-compliance can range up to 500,000 USD per incident.

This standard covers a range of issues, such as maintaining a secure network, protecting cardholder information, managing risk, implementing control measures, monitoring test networks and more. The PCI DSS makes "best practice" recommendations, but especially warns against using real credit card numbers in the development and testing environments. Companies that use production data for testing purposes violate the PCI DSS requirements.

Industry analysts recognise that data privacy in the application testing environment is essential and that masking or de-identifying the data is a viable approach. De-identifying test data is simply the process of systematically removing, masking or transforming data elements that could be used to identify an individual. Data that has been scrubbed or cleansed in such a manner is generally considered acceptable to use in an open testing environment.

Editorial contacts

Nicola Knight
PR Connections
(083) 269 2227
datacentrix@pr.co.za
Alet van der Merwe
Datacentrix Holdings
(012) 348 7555
avdmerwe@datacentrix.co.za