PCI DSS 2.0 COMPLIANCE  


What is PCI?

In an effort to standardize data security measures on a global basis, an organization known as the Payment Card Industry (PCI) was formed. American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International were all members of the PCI organization. Together they outlined the Payment Card Industry Data Security Standard (PCI DSS), a list of requirements designed to enhance payment account data security. These requirements mandate that organizations build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test their networks, and maintain an information security policy. This comprehensive standard is intended to help organizations proactively protect customer account data.

PCI DSS 2.0 defines the scope of assessment for PCI to include all locations and flows of cardholder data.

One of the major changes in PCI DSS 2.0 is that responsibility for determining and documenting the scope for PCI DSS has shifted from the Qualified Security Assessor (QSA) to the entity (merchant, service provider, acquirer, and issuer).

The resulting scope may include the entity's and third parties' system components, including those that do not themselves store, process or transmit cardholder data but could impact the security of the cardholder data environment.

At least annually and prior to the annual assessment, the assessed entity should confirm the accuracy of their PCI DSS scope by identifying all locations and flows of cardholder data and ensuring they are included in the PCI DSS scope.

These compliance requirements will actually provide security benefits by reducing risks and costs. With a better understanding of where cardholder data exists and how it flows through the network, an organization can not only reduce the scope of its PCI compliance effort, but may also meet the requirements for safe harbor under state data breach notification laws.

Basic rules on PCI compliance:

  • PCI compliance applies to merchants and service providers who accept, capture, store, transmit or process credit and debit card data.
  • As of September 2006, PCI 1.1 includes 12 major requirements. A single violation of any of the requirements can trigger an overall non-compliant status.
  • Each non-compliant incident will result in steep fines and the suspension or revocation of card processing privileges.

Not all DLP solutions are the same

GTB Technologies' PCI compliance Data Loss Prevention Solution - Accuracy on all ports and protocols:

New programs requiring the use of unconventional protocols are becoming increasingly prevalent. Furthermore, despite company policies forbidding the practice, employees frequently use peer-to-peer applications. Microsoft Networks and similar protocols, initially designed for LANs, are perfectly capable of working over the Internet. Finally, malicious applications (e.g., viruses and worms) can be used to transfer data across a broad variety of protocols. So supporting just SMTP, HTTP, FTP and IM is a real limitation and is NOT DLP.

  • GTB's rule manager contains a pre-defined PCI compliance rule, which defines PCI secure data as anything containing a Primary Account Number (PAN) together with a name or address.
  • Primary Account Numbers (PANs) stored within the network and on endpoint devices are discovered, exposed and protected.
  • All outbound traffic across all network protocols is monitored for secure PCI data, with a nearly 100% detection ratio and zero false positives on fingerprinted data.
  • PCI data is prevented from being saved to removable media devices, such as USB drives, CD/DVD or iPods.
  • Data is encrypted prior to transmission.
  • GTB provides detailed PCI reports and role-based options that support auditing requirements.
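As an added illustration (example code written for this page, not GTB's product code), the two detection approaches the bullets above rely on, reduced to their core: pattern plus Luhn validation for PANs, the PCI rule of a PAN paired with a name or address, and exact fingerprint matching against known card data. The context word list, the sample card numbers and the fingerprint set are constructed assumptions.

```python
import hashlib
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes.
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Stand-ins for the "name or address" half of the page's rule (assumed word list).
CONTEXT_RE = re.compile(r"\b(cardholder|name|address|street)\b", re.IGNORECASE)

def luhn_valid(digits: str) -> bool:
    """Mod-10 (Luhn) check that every genuine card number passes."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(digits: str) -> str:
    """Display form PCI DSS allows: at most the first six and last four digits."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_pans(text: str) -> list:
    """Luhn-valid PANs in text; Luhn drops most random digit runs but is not false-positive free."""
    found = []
    for m in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            found.append(digits)
    return found

def fingerprint(pan: str) -> str:
    """SHA-256 of the exact PAN, so the DLP store holds no plaintext card numbers."""
    return hashlib.sha256(pan.encode()).hexdigest()

# Constructed: fingerprints of card numbers the hypothetical business already holds.
KNOWN_FINGERPRINTS = {fingerprint("4111111111111111")}

def pci_rule(text: str, fingerprints: set = KNOWN_FINGERPRINTS) -> dict:
    """pan_with_context: PAN plus a name/address word (the page's PCI rule);
    fingerprint_hit: exact match against known-data hashes, the basis of zero false positives."""
    pans = find_pans(text)
    return {
        "pans": [mask_pan(p) for p in pans],
        "pan_with_context": bool(pans) and CONTEXT_RE.search(text) is not None,
        "fingerprint_hit": any(fingerprint(p) in fingerprints for p in pans),
    }
```

A message carrying a Luhn-valid number that is not in the fingerprint set still triggers the pattern rule but not the fingerprint rule, which is the distinction behind the page's "zero false positives on fingerprinted data" claim.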

Should Your Organization Be Concerned about PCI Compliance?

All organizations, merchants and third-party service providers who store, process and/or transmit credit or debit card data are subject to the Payment Card Industry Data Security Standard. As of January 2008, PCI compliance is a requirement, and organizations that are non-compliant are subject to large fines and risk losing their ability to process credit card transactions until PCI compliance is achieved.

GTB Technologies, Inc.
5000 Birch St. Suite 3000
Newport Beach, CA 92660
Toll Free Number: (800) 507-9926
Telephone : (949) 783-3359
info@gttb.com

Copyright GTB Technologies Inc. A Data Loss Prevention Company 2006-2011. All rights reserved.