Your browser identified itself as a version of IE that was often shipped with default settings that were less than secure. Your internet experience could be made more secure by opening Internet Options in your browser, going to the Advanced tab and looking under the security settings for "Use TLS 1.1" and "Use TLS 1.2". Ensure these are turned on (checked). Doing so will enable your browser to support a higher quality of encryption on this and other websites. You will still be able to browse this site without turning on support for TLS 1.1 and 1.2, but we will have to use a lower level of encryption to accomodate you. See this question on Stack Exchange's Superuser forum from 2011 for more details keeping in mind the comments about TLS 1.2 non-support were made many years ago, and things have changed since then.

If the support for better cryptography has been turned on for your browser, thank you, and you can safely ignore this advisory.

Browser Security Alert

PCI DSS Compliance

Payment Card Industry Data Security Standards

The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry-mandated security requirements for credit and debit card transaction processing. PCI DSS applies to stores, online retailers, and other organizations, and covers a broad range of security topics including network configuration, data protection, internal control, and policy development.

A council composed of major credit card corporations is responsible for maintaining PCI DSS requirements. While compliance is not mandated by United States federal law, some state laws require that payment processors comply with PCI DSS or similar standards.

Any organization that processes credit or debit card transactions, or that transmits or stores any form of cardholder data, is required to comply with PCI DSS. Specific obligations can vary based on an organization’s transaction volumes. Merchants processing several million transactions per year, for example, are subject to more frequent and more rigorous compliance assessments than smaller merchants. However, all organizations must meet high standards for protection of cardholder data:

  • PCI DSS Requirement 3.1 calls for organizations to purge unnecessary stored cardholder data on a quarterly basis, or more frequently.
  • PCI DSS Requirement 3.2 prohibits organizations from storing authentication data such as magnetic stripe data or cardholder PINs.
  • PCI DSS Requirement 3.4 states that an account number should be rendered unreadable anywhere it is stored, including on portable media, backup media, in logs, and data received from or stored by wireless networks. Acceptable forms of protection include truncation, tokenization, and strong encryption.
  • Requirement 4.1 states that strong cryptography should be used to "safeguard sensitive cardholder data during transmission over open, public networks."
  • Requirement 4.2 states that cardholder data should never be sent in an unencrypted email.

Organizations that fail to meet PCI DSS requirements are subject to a range of penalties including fines, increased transaction fees, and cancellation of processing privileges.

Meet PCI DSS Requirements with Smartcrypt

PKWARE’s Smartcrypt platform allows organizations to protect cardholder data with strong encryption, satisfying (and in some cases exceeding) several PCI DSS requirements.

Smartcrypt's automated workflow allows organizations to find and remediate cardholder data on servers and endpoint devices, without the need for user intervention. Smartcrypt agents scan new and modified files to determine whether they contain account numbers or other sensitive information. If a file contains senstive data, Smartcrypt can take a variety of corrective actions, based on the organization's security policies:

  • Masking or redacting account numbers within files
  • Deleting files containing prohibited information
  • Deleting files that are no longer necessary based on the organization's data retention policy
  • Moving files to quarantine locations
  • Encrypting files

When encrypting files, Smartcrypt applies persistent data-level protection, using AES strong encryption (up to 256-bit) that exceeds PCI DSS requirements. Encrypted information remains unreadable by unauthorized users, even in the event of a security breach. With Smartcrypt, even the most sensitive information can be sent via open, public networks without additional layers of protection. Smartcrypt encryption meets the enhanced PCI DSS requirements for data transmission that took effect in 2016.

The integration of ZIP compression with strong security not only ensures that information is secure, but it enables portability and efficient exchange of information across all major enterprise computing platforms.

PKWARE’s innovative Smartkey technology automatically generates, synchronizes, and exchanges encryption keys according to your organization’s security policies, making the process automatic for end users. Smartkeys can be managed using Smartcrypt’s administration console and can be stored on third-party dedicated key management appliances.

Solution Sheet

Smartcrypt can help you protect sensitive data and make PCI DSS compliance easier.

Download PDF

Case Study

See how a global bank is using Smartcrypt to ensure PCI compliance.

Download PDF

Smartcrypt Platform

Learn more about PKWARE's smart encryption platform.

Learn More

Benefits

Smartcrypt locks down data, helping organizations meet their compliance goals and protect their critically-important information.
  • Meet PCI DSS standards for protecting cardholder data at rest and in transit
  • Keep sensitive data safe from internal and external cyber threats
  • Eliminate the negative consequences of a data breach
  • Lower IT infrastructure costs across every platform with a single solution for encrypting and compressing data

Support Center

Find answers & help here.

View Support Site

Help Request

Our expert technicians are standing by.

Get Help Now

Sales Team

Request an expert consultation.

Contact Sales