Retail


Protecting Governed Data at PCI Level 1 DSS CERTIFIED Standards

There are global, sector-specific data protection and security requirements that regulate how an organization manages, protects, and distributes sensitive information. For example, when a merchant accepts payment cards as payment for goods or services, the entity must follow mandates set out by the Payment Card Industry Data Security Standard (PCI DSS). During transaction processing, PCI DSS mandates that specific steps are taken to ensure stored and processed sensitive data is secured and protected. CertainSafe® is leading the industry by ensuring PCI Level 1 DSS compliance around data is achieved as organizations move to the Cloud.


PCI Data Security Standards (PCI DSS) are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The Council is responsible for managing the security standards, while the payment card brands enforce compliance. The standards apply to all organizations that store, process or transmit cardholder data, with guidance for software developers and manufacturers of applications and devices used in those transactions.


All merchants that accept payment cards are required to comply with PCI DSS. PCI DSS requirements are best-practice steps for security procedures. To view the specific standards, visit https://www.pcisecuritystandards.org/.



Related Guidance for the PCI Data Security Standard

Build and Maintain a Secure Network

  • Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
  • Requirement 2: Create new and innovative system passwords and other security parameters.

Protect Cardholder Data

  • Requirement 3: Protect stored cardholder data.
  • Requirement 4: Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program

  • Requirement 5: Use and regularly update anti-virus software.
  • Requirement 6: Develop and maintain secure systems and applications.

Implement Strong Access Control Measures

  • Requirement 7: Restrict access to cardholder data by business need-to-know.
  • Requirement 8: Assign a unique ID to each person with computer access.
  • Requirement 9: Restrict physical access to cardholder data.

Regularly Monitor and Test Networks

  • Requirement 10: Track and monitor all access to network resources and cardholder data.
  • Requirement 11: Regularly test security systems and processes.

Maintain an Information Security Policy

  • Requirement 12: Maintain a policy that addresses information security.


Requirements 3 and 4 of the PCI DSS specify that cardholder data, including the Primary Account Number (PAN), cardholder name, and expiration date, must be protected when stored (data “at rest”) and during transmission across public networks (data “in flight”). When cardholder data is stored and processed in the cloud, companies need to ensure they are taking the proper steps to sustain compliance, which is an extremely complex task.

The latest version of PCI DSS magnifies the complexity of PCI cloud compliance. The new requirements do not provide detailed guidance on virtualization concepts such as multi-tenancy and shared responsibility.

CertainSafe® is designed to help enterprises in this situation. We enable companies to keep their sensitive cardholder information in the “safe”, which eases concern about the additional PCI compliance exposure. Organizations are worry-free because the card-related information that is stored and processed with CertainSafe® is CERTIFIED to PCI Level 1 DSS standards. Therefore sensitive data is undecipherable and unusable in the event of a breach.
