PCI Data Security Standard
The continuing series of massive credit card data breaches at high-profile organizations prompted the development of the Payment Card Industry Data Security Standard (PCI DSS), which standardizes how credit card data must be protected. Under the PCI DSS, a business or organization should be able to assure its customers that their credit card account data and transaction information are safe from hackers and from any other malicious system intrusion, whether originating outside the organization or from within:
- 65 percent of financial services institutions worldwide experienced repeated external breaches within the past 12 months¹
- 30 percent of these global institutions suffered repeated internal breaches during the same timeframe¹
To achieve compliance with the PCI DSS, vendors and service providers must adhere to six major categories of requirements, comprising a total of twelve PCI-required controls that cover access management, network security, incident response, network monitoring and testing, and information security policies.
Lumension’s Security Management Solutions Help Credit Card Issuers and Processors Comply with PCI
Lumension’s security management software enables credit card issuers and processors to ensure the confidentiality of customers’ financial records and to ensure a stable and secure network environment. These solutions include:
- Lumension® Patch And Remediation - Proactive management of threats through automated collection, analysis, and delivery of patches (all major operating systems and applications) across heterogeneous networks.
- Lumension® Scan - Complete network-based scanning solution enables assessment and analysis of threats impacting all network devices.
- Lumension® Security Configuration Management - Out-of-the-box regulatory and standards-based assessment to ensure endpoints are properly configured.
- Lumension® Content Wizard - Create custom remediation packages to address configuration issues, remove unauthorized files and applications, address Zero-day threats, patch custom software and more.
- Lumension® Enterprise Reporting - Robust data warehouse that enables easy creation and sharing of reports on all aspects of your remediation efforts in support of policy compliance.
- Lumension® Risk Manager - Comprehensive IT-GRC software that streamlines and automates audit workflows and IT risk management to provide crucial visibility across the IT environment and ensure compliance with PCI DSS as well as with other pertinent regulations, mandates and internal policies.
- Lumension® Application Control - Policy-based enforcement of application use to secure your endpoints from malware, spyware and unwanted or unlicensed software.
- Lumension® Device Control - Policy-based enforcement of removable device use to control the flow of inbound and outbound data from your endpoints.
Lumension proactively addresses the PCI DSS requirements by continuously monitoring and assessing enterprise networks for software and configuration vulnerabilities, rapidly patching and remediating those vulnerabilities, and applying user access control policies across applications and removable devices.
| PCI DSS category | Requirement |
|---|---|
| Build and maintain a secure network | Requirement 1: Install and maintain a firewall configuration to protect data |
| | Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters |
| Protect cardholder data | Requirement 3: Protect stored data |
| | Requirement 4: Encrypt transmission of cardholder data and sensitive information across public networks |
| Maintain a vulnerability management program | Requirement 5: Use and regularly update anti-virus software |
| | Requirement 6: Develop and maintain secure systems and applications |
| Implement strong access control measures | Requirement 7: Restrict access to data by business need-to-know |
| | Requirement 8: Assign a unique ID to each person with computer access |
| | Requirement 9: Restrict physical access to cardholder data |
| Regularly monitor and test networks | Requirement 10: Track and monitor all access to network resources and cardholder data |
| | Requirement 11: Regularly test security systems and processes |
| Maintain an information security policy | Requirement 12: Maintain a policy that addresses information security |
The Cost of Non-Compliance
Non-compliance with PCI DSS can result in financial penalties levied against the vendor or service provider, or even in a merchant losing the ability to accept or process credit card transactions. Costs also include:
- Monthly fines for non-compliance, ranging from $5,000 to $25,000
- Lost business, if an acquirer refuses to process card payments for a merchant after a data breach occurs
- Damaged reputation, since consumers prefer to do business with a company whose reputation is untarnished and that has never experienced a data breach
To see how Lumension’s endpoint security solutions can help your organization achieve PCI compliance, please contact Lumension.
¹ Deloitte, Global Financial Services Industry 2007 Global Security Survey