Thursday 12 March 2015

Data Security in Payment Card Industry


What is PCI DSS


Developed by the major credit card issuers, the Payment Card Industry Data Security Standard (PCI DSS) outlines best practices for credit card data,storage, processing, and transmission. Its intent is to protect credit card information from fraud, theft, or any other breach

Requirements of PCI DSS


  • Build and maintain a secure network.
  • Protect cardholder data.
  • Maintain a vulnerability management program.
  • Implement strong access control measures.
  • Regularly monitor and test networks.
  • Maintain an information security policy.

How does EncrypTight™ Help You Comply with PCI DSS


       EncrypTight enables secure data transmissions, which assures the confidentiality, authenticity, and integrity of data as it travels across anynetwork, regardless of size, type, or topology. You’ll get encryption and authentication of all data, including cardholder information. Acting as a cryptographic firewall that rejects any packets lacking the proper authentication, EncrypTight ensures access to data is limited to those who need to see it. By protecting the network and the data, EncrypTight helps you comply with PCI DSS

PCI Requirement VS How EncrypTight helps you with compliance


Scope of PCI assessment may include the entire network


  • Avoid major network changes by overlaying encryption on top of the existing network.
  • Strong cryptography and simple policies isolate the Cardholder Data Environment (CDE) from the rest of the network.
  • Get stronger security through encryption rather than firewall-based approaches. The network is isolated using encryption rather than relying only on packet headers.
  • Secure data without changing the physical or logical network topology.
  • Simplify by encrypting among network segments that store, process, or transmit cardholder data.
  • Save money during PCI assessments by reducing the scope of the assessments.
  • Setup and management is simplified with GUI-based policies that allowthe network headers to pass in the clear while encrypting the payload.

Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks


  • Quickly and simply encrypt card-holder data and other sensitive information across any network without affecting the applications and services that run over the network.
  • Encrypt data as it traverses a third-party service provider network or the Internet.
  • EncrypTight is an easy, drop-in solution that works with existing network and applications.
  • Doesn't affect existing failover, redundancy and load-sharing.

Track and monitor all access to network resources and cardholder data


  • Provide a full audit trail for logging and auditing.
  • Role-based access enables an auditor to monitor security.
  • Auditing and monitoring can be easily outsourced to a third party
+91 7738 066 077           ι          Marketing_in@blacbox.com

No comments:

Post a Comment