There were 26.2 billion credit card transactions, 47.0 billion debit card transactions, and 9.2 billion prepaid card transactions in the U.S. in 2012.[1] That totals 82.4 billion transactions subject to PCI DSS compliance, and this number is predicted to rise each year.
Any business that stores, processes, or transmits any of this cardholder data is required to comply with PCI DSS (Payment Card Industry Data Security Standard). The PAN (Primary Account Number) on the front of a card, and any other sensitive data physically present on the card or stored on the card’s magnetic stripe, must all be protected. The individual payment card brands set additional security standards for organizations to abide by.
81% of companies in the U.S. and Europe store payment card numbers, putting these organizations at risk from both internal and external threats.[2] Data breaches seem to occur every day and make news headlines across the globe. Rather than pressing your luck and breathing a sigh of relief that you were not the next victim, an easier (and more cost-effective) solution is to implement a safeguard against the risk.
There are six goals of PCI DSS, each with its own set of requirements.[2] STEALTHbits’ suite of data, infrastructure, and application security solutions, including StealthAUDIT®, StealthINTERCEPT®, and other Sensitive Data Discovery solutions, addresses subsets of all six goals, as shown below.
| Goals | Requirements | STEALTHbits |
|---|---|---|
| Build and Maintain a Secure Network | 1. Install and maintain a firewall configuration to protect cardholder data | ✔ |
| | 2. Do not use vendor-supplied defaults for system passwords and other security parameters | |
| Protect Cardholder Data | 3. Protect stored cardholder data | ✔ |
| | 4. Encrypt transmission of cardholder data across open, public networks | |
| Maintain a Vulnerability Management Program | 5. Use and regularly update anti-virus software or programs | ✔ |
| | 6. Develop and maintain secure systems and applications | ✔ |
| Implement Strong Access Control Measures | 7. Restrict access to cardholder data by business need to know | ✔ |
| | 8. Assign a unique ID to each person with computer access | |
| | 9. Restrict physical access to cardholder data | |
| Regularly Monitor and Test Networks | 10. Track and monitor all access to network resources and cardholder data | ✔ |
| | 11. Regularly test security systems and processes | ✔ |
| Maintain an Information Security Policy | 12. Maintain a policy that addresses information security for all personnel | ✔ |
The first, and perhaps most critical, step in ensuring compliance with PCI DSS is to discover where data subject to the standard exists. Our Sensitive Data Discovery solutions were designed to:
- Quickly and efficiently identify where data exists across Desktops/Laptops, Servers, and Network File Shares
- Profile where your greatest risks exist based upon key factors such as the number of people with access to the data
- Discover sensitive data conditions with surgical accuracy
By pinpointing the location of unprotected cardholder data, organizations can secure their data through a variety of built-in actions and reporting capabilities, aligning with PCI DSS goals.
[1] 2013 Federal Reserve Payments Study
[2] PCI DSS Quick Reference Guide