Complying with the Payment Card Industry Data Security Standards with Vormetric (PCI-DSS)

Background

Any company that stores, processes or transmits credit card data must comply with the PCI-DSS. The major credit card brands of Visa, Mastercard, Discover and American Express aligned their individual policy protection programs to create the PCI DSS, an industry wide framework for protecting consumers.

The 12 Regulations of the PCI-DSS

1. Install and maintain a firewall
2. Do not use vendor-supplied defaults for passwords. Develop configuration standards.
3. Protect stored data
4. Encrypt transmission of cardholder data across public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Systems should be tested to ensure security is maintained over time and through changes
12. Maintain an information security policy

Vormetric Data Security Expert is uniquely designed to eliminate roadblocks to PCI encryption requirements, including key management, application performance requirements and the need to contain infrastructure costs while securing distributed point of sale (POS) systems. Vormetric Data Security Expert not only enables compliance with more of the PCI DSS than any other solution, but is designed for a completely non-invasive implementation - allowing customers to be up and running in days or weeks instead of months or even years, as with other solutions.

Solution

Vormetric Data Security Expert is a cost-effective and easy to manage solution for high-speed data encryption and policy-based user access control. It is easy to install, non-invasive and transparent to existing applications, business operations and the IT infrastructure. Vormetric Data Security Expert addresses PCI's specifications for data protection, specifically: Encryption, Auditing and Logging, Data Access Controls, System Configurations, Configuration Management, and encryption of passwords.

Vormetric is a member of the Electronic Transactions Association (ETA)

Free PCI Information Service:  Vormetric and TruComply

Keeping up with the Payment Card Industry (PCI) Data Security Standard, recent threats to cardholder data, and the shifting legal landscape can be a challenge. TruComply and Vormetric have partnered to provide a free PCI Information Service to merchants, service providers, and banks that need to keep track of the latest developments affecting payments security. The service provides access to a portal which includes the latest news and analysis on payments security topics, monthly blogs by leading PCI experts, and a quarterly newsletter. Click here to register.