Retailers, financial institutions, data processors, and any other vendors who manage credit card holder data today must adhere to strict policies to ensure that data is secure at all times.
Whether they deal with American Express, Discover, MasterCard, Visa or any other credit card issuer, these organisations face steep penalties, including fines and lost business, if data is stolen.
Condyn can help address many of the critical security challenges pertaining to data privacy within the enterprise in order to comply with the policies laid down by the credit card issuer.
The Payment Card Industry Data Security Standard (PCI DSS) requires the protection of sensitive payment account data (such as primary account number (PAN), magnetic stripe data, CVV, and PIN) by every company which processes, stores, or transmits such data. The standard was developed by members of the PCI Security Standards Council, which includes Visa, MasterCard, and American Express, in response to increased credit card fraud.
The PCI-DSS was developed through a joint effort by the major credit card companies in order to establish a standard set of regulations for all members, merchants, and vendors who transmit, process, or store cardholder data.
The PCI-DSS consists of 12 requirements:
* Install and maintain a firewall configuration to protect data.
* Do not use vendor-supplied defaults for system passwords and other security parameters.
* Protect stored data.
* Encrypt transmission of cardholder data and sensitive information across public networks.
* Use, and regularly update, anti-virus software.
* Develop and maintain secure systems and applications.
* Restrict access to data by business need-to-know.
* Assign a unique ID to each person with computer access.
* Restrict physical access to cardholder data.
* Track and monitor all access to network resources and cardholder data.
* Regularly test security systems and processes.
* Maintain a policy that addresses information security.
By complying with the PCI-DSS, merchants and service providers not only fulfil their obligations to the payment system but also gain the ability to promote their business as adhering to the highest security standards established for handling sensitive cardholder data. Customers demand complete assurance that their account information is safeguarded against all possible threats.
Securing data in use, at rest and in motion
The focus of PCI DSS is to protect sensitive cardholder account data which is collected and stored during credit card transactions. The standard consists of a core set of principles with 12 specific requirements for the protection of sensitive cardholder data in use, at rest, and in transit. One of the key challenges merchants, banks, and payment processors face is the implementation of data encryption to comply with the PCI security requirements - and to execute this in an efficient and cost-effective manner.
Encryption is a key component of the requirements the PCI prescribes. Even if other protection mechanisms fail and a hacker gains access to data, the data will be unreadable if it is encrypted. Unfortunately, many companies store credit card data on mainframes, databases, and other legacy systems that were never designed for encryption. For these companies, encrypting stored data (data at rest) is a key hurdle in PCI compliance. Furthermore, a recent VeriSign study found that 79% of PCI audit failures occurred because companies did not effectively secure their cardholder data.
Condyn dramatically reduces the cost and complexity of PCI compliance with a comprehensive and easy-to-manage enterprise data protection solution. With the Condyn Data Protection solutions merchants, banks, payment processors, and any other company subject to PCI DSS compliance, can meet the most challenging requirements to protect sensitive cardholder data.
This is in stark contrast to the point solutions which currently address single requirement issues. As a distributor of information security, risk and compliance solutions, Condyn is the only vendor capable of providing a comprehensive solution which protects sensitive data from core to edge, across databases, applications, networks, and endpoint devices - thereby reducing the cost and complexity of PCI DSS compliance. The streamlined implementation of our data protection solutions ensures PCI deadlines are met and fines avoided.
Protecting cardholder data has been identified as the most challenging requirement because it involves data encryption. This often results in diverse solution requirements which are only available from different vendors. Condyn can provide a single solution strategy that offers a cost-effective alternative and eliminates the need to purchase multiple vendor systems which have not been designed to work together.
Condyn is the only distributor in a position to provide a complete solution to secure data across the connected enterprise, from core to edge, with protection of data at rest, data in transit, and data in use. A comprehensive enterprise data protection solution reduces the cost and complexity of regulatory compliance, data privacy, and information risk management.
Condyn
Condyn is the leader in the provision of information security solutions for Africa and has been providing world-class solutions for more than a decade within Africa, in both the public and private sectors. Condyn has a team of dedicated and knowledgeable key account managers, supported by a competent and experienced technical team, to assist you with all your information security risk and compliance requirements. For more information, call (012) 665 4356 or visit us at http://www.condyn.net.