Protect Cardholder Data and Meet PCI DSS Standards

Automate PCI Compliance

Credit card fraud is the most common form of identity theft fraud, accounting for more than a third of all identity theft fraud in 2018. Protecting cardholder data is crucial to protecting your customers—and your business.

Today, all entities involved in payment card processing—or that store, process, or transmit cardholder data—are expected to protect that data through specific controls known as the Payment Card Industry Data Security Standard (PCI DSS). While compliance is not mandated by US federal law, organizations can be subjected to fines and in some cases could incur greater penalties. Any organization that accepts credit, debit, or pre-paid cards under the American Express, Discover, MasterCard, and Visa brands must maintain PCI DSS compliance. And in the busy world of payment processing, simplified and automated PCI DSS compliance and reporting is a must for keeping business moving at the speed of buyers. PKWARE knows how to help.

 

 

PCI DSS 101

PCI DSS applies to stores, online retailers, and other organizations, and covers a broad range of security topics, including network configuration, data protection, internal control, and policy development. An organization is assigned a PCI DSS merchant level and corresponding validation requirements based on the number of transactions it processes. All four merchant levels involved in PCI compliance need to complete an annual assessment. Level 1 (6M+ transactions annually) must work with an authorized PCI auditor, while levels 2 – 4 can use a Self-Assessment Questionnaire (SAQ). Quarterly vulnerability scans of all data in scope are required for each merchant level.

Annual PCI DSS compliance audits examine an organization’s systems and cardholder data environments to ensure they meet requirements and identify vulnerabilities in order to prevent data from being compromised.

Requirement 3.4: An account number should be rendered “at a minimum, unreadable anywhere it is stored.” The requirement emphasizes that encryption is a critical component of cardholder data protection and that strong cryptography with key management is recommended.

  • PKWARE provides file encryption, email encryption, element-level encryption, and format-preserving encryption to protect cardholder data in customer environments, both while data is at rest and in motion.

Requirement 4.1: Strong cryptography should be used to “safeguard sensitive cardholder data during transmission over open, public networks.”

  • PKWARE provides file encryption, email encryption, element-level encryption, and format-preserving encryption to protect card data in customer environments, both while data is at rest and in motion.

Requirement 4.2: Cardholder data should never be sent in an unencrypted email.

  • PKWARE’s end-to-end email encryption protects cardholder data before it’s sent.

The Fundamental First Step: Sensitive Data Discovery


Protect Cardholders with

PKWARE empowers you to find and lock down data so that you can meet compliance goals and protect critically important information.

  • Meet PCI DSS standards for data protection and simplify reporting obligations

  • Protect cardholder information stored as structured, unstructured, or semi-structured data across the enterprise, from databases to endpoints

  • Provide a consolidated view of compliance and risk positions

  • Eliminate the negative consequences of a data breach
