PCI DATA SECURITY STANDARD (PCI DSS) COMPLIANCE
Note: The solutions discussed below only represent a small subset of the entire Ivanti product portfolio. Visit http://www.ivanti.com/solutions to learn more.
The PCI DSS: Why It Matters
The continuation of massive credit card data breaches at many high-profile organizations prompted the development of the Payment Card Industry Data Security Standard (PCI DSS), which standardizes how credit card data should be protected. The scale of the problem is clear:
- 65 percent of financial services institutions worldwide experienced repeated external breaches within the past 12 months.
- 30 percent of these global institutions suffered repeated internal breaches during the same timeframe.
Under the PCI DSS, a business or organization should be able to assure their customers that its credit card, account, and transaction data is safe from hackers or any system intrusion, whether malicious or accidental, and whether from outside or within the organization.
The Cost of Non-Compliance
Non-compliance with PCI DSS can result in financial penalties levied against any vendor or service provider, or even denial of the merchant's ability to accept or process credit card transactions. Costs also include:
- Monthly fines for non-compliance, ranging from $5,000 to $25,000.
- Lost business, if an acquirer refuses to process card payments for a merchant after a data breach occurs.
- Damaged reputation, since consumers prefer to conduct business with companies whose reputation is untarnished by a data breach.
Getting to PCI DSS Compliance
To achieve compliance with the PCI DSS, vendors and service providers must adhere to six major categories of requirements, comprising a total of twelve PCI-required controls, covering access management, network security, incident response, network monitoring and testing, and information security policies.
Build and maintain a secure network
- Requirement 1: Install and maintain a firewall configuration to protect data.
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect cardholder data
- Requirement 3: Protect stored data.
- Requirement 4: Encrypt transmissions of cardholder data and sensitive information across public networks.
Maintain a vulnerability management program
- Requirement 5: Use and regularly update anti-virus software.
- Requirement 6: Develop and maintain secure systems and applications.
Implement strong access control measures
- Requirement 7: Restrict access to data by business need-to-know.
- Requirement 8: Assign a unique ID to each person with computer access.
- Requirement 9: Restrict physical access to cardholder data.
Regularly monitor and test networks
- Requirement 10: Track and monitor all access to network resources and cardholder data.
- Requirement 11: Regularly test security systems and processes.
Maintain an information security policy
- Requirement 12: Maintain a policy that addresses information security.
PCI DSS Compliance: How Ivanti Helps
Endpoint security software from Ivanti can help your organization achieve, maintain, and credibly document PCI DSS compliance. Ivanti solutions provide policy-driven, people-focused, granular control of users’ applications, devices, and access privileges. Ivanti software also delivers full-disk encryption, comprehensive malware protection, and real-time reporting. With Ivanti, your organization can protect sensitive information, demonstrate PCI DSS compliance, and reassure customers, partners, and regulators that your environment is secure.
Learn more about Ivanti Endpoint Security Software.