Remove credit card numbers on employee devices and servers
One of the biggest risks to PCI compliance is cardholder information that exists outside the organization’s controlled database environment. When credit card numbers are extracted from a database and stored as unstructured data—in files on employee devices and file servers—they pose a significant threat.
Most organizations have no visibility into the data stored in files by their employees, leaving compliance and risk managers unable to control spreadsheets, documents, and other files containing credit card numbers. These files can lead to failed audits and data breaches, especially when files are copied to cloud folders or other inappropriate locations.
Automated Redaction for PCI Data
With automated redaction from PKWARE, your organization can permanently remove credit card numbers numbers as soon as they appear in files on employee computers, file servers, and in other locations.
Automated redaction ensures that account information cannot be shared or stored in unauthorized locations. It also means that cardholder data will not be exposed in the event of a computer theft, misuse of employee credentials, or other security event.
Real-Time Policy Enforcement
Many of the world’s largest financial institutions use PKWARE’s Smartcrypt to remove credit card number from files on employee laptops and desktops. Once data is redacted, it no longer falls within the scope of PCI DSS requirements, reducing the burden of audits and reporting that are necessary in order to maintain PCI compliance.
Here’s how it works.
- Using PKWARE’s intuitive control panel, administrators apply data redaction rules to user devices and file servers where credit card numbers may be saved inappropriately. Administrators can use PKWARE’s pre-configured definitions of PCI data, or create their own definition of data types that require redaction.
- PKWARE’s automated technology monitors file activity and scans new or modified files to determine whether they contain PCI data.
- When a user enters or imports credit card numbers into a file...
- Smartcrypt automatically identifies and redacts the numbers, leaving the other file contents unchanged.
Unlike tokenization, data redaction cannot be undone, so files containing redacted data can be taken out of PCI compliance scope, no matter how many times the files are copied or shared.