Protect Cardholder Data
and Meet PCI DSS Standards
Automate PCI Compliance
Any entity involved in payment card processing, including those that store, process, or transmit cardholder data, is expected to protect that data through the specific controls known as the Payment Card Industry Data Security Standard (PCI DSS). While compliance is not mandated by US federal law, non-compliant organizations can be subject to fines and in some cases greater penalties. Any organization that accepts credit, debit, or prepaid cards under the American Express, Discover, MasterCard, and Visa brands must maintain PCI DSS compliance. And in the ever-changing world of payment processing, simplified and automated PCI DSS compliance and reporting is a must for keeping business moving at the speed of buyers. PKWARE knows how to help.
PCI DSS 101
PCI DSS applies to stores, online retailers, and other organizations, and covers a broad range of security topics, including network configuration, data protection, internal controls, and policy development. An organization is assigned a PCI DSS merchant level, with corresponding validation requirements, based on the number of transactions it processes. All four merchant levels need to complete an annual assessment. Level 1 (6M+ transactions annually) must work with an authorized PCI auditor, while levels 2 – 4 can use a Self-Assessment Questionnaire (SAQ). Quarterly vulnerability scans of all in-scope systems are required for every merchant level.
Annual PCI DSS compliance audits examine an organization’s systems and cardholder data environments to ensure they meet requirements and identify vulnerabilities in order to prevent data from being compromised.
Requirement 3.4: An account number should be rendered “at a minimum, unreadable anywhere it is stored.” The requirement emphasizes that encryption is a critical component of cardholder data protection and that strong cryptography with key management is recommended.
- PKWARE provides file encryption, email encryption, element-level encryption, and format-preserving encryption to protect cardholder data in customer environments, both while data is at rest and in motion.
Requirement 4.1: Strong cryptography should be used to “safeguard sensitive cardholder data during transmission over open, public networks.”
- PKWARE provides file encryption, email encryption, element-level encryption, and format-preserving encryption to protect card data in customer environments, both while data is at rest and in motion.
Requirement 4.2: Cardholder data should never be sent in an unencrypted email.
- PKWARE’s end-to-end email encryption protects cardholder data before it’s sent.
Requirement 12.10.7: Include cardholder data within incident response procedures any time it is found in unexpected areas.
- PK Protect performs real-time discovery across a myriad of platforms, including all common user technologies, whether the organization considers the location part of the PCI scope or not.
Requirement 12.5.2: The in-scope environment must be documented and confirmed at least every 12 months and upon significant change.
- PKWARE enables automated scanning and protection in a single platform to maintain an accurate scope.
If you don’t know where all your PII data is, you can’t confirm compliance for a QSA assessment. PK Discovery digs deep to uncover every place cardholder data is stored, whether structured or unstructured, in a file system, database, or large cloud repository, and can confirm that sensitive data is not being stored where it shouldn’t exist. With an exhaustive inventory of your data, it’s easier for a Qualified Security Assessor (QSA) to determine whether your business is achieving and maintaining PCI DSS compliance.
Data As Needed
Data protection comes in multiple forms to align with the various requirements for storing and using data. According to PCI requirements 3.4 and 3.2, stored Primary Account Numbers (PAN) must be rendered unreadable, while authentication data cannot be stored at all after authentication. With more than 40 options for precise masking, PKWARE helps you meet PCI requirements while maximizing the business value of your IT assets. Admins also have the option to save a copy of unredacted data in a quarantine location in case it is needed in the future.
PCI DSS 4.0
PCI DSS released version 4.0 on March 31, 2022. While it won’t officially go into effect until 2024, now is the time for organizations to put solutions in place that will empower them to meet and maintain compliance with PCI DSS version 4.0. PKWARE solutions keep businesses informed on what, where, and whose data exists across the enterprise, making it easy to maintain precise visibility and control every day.
Protect Cardholders with
PKWARE empowers you to find and lock down data so that you can meet compliance goals and protect critically important information.
Meet PCI DSS 4.0 standards for data protection and
Protect cardholder information stored as structured, unstructured, or semi-structured data across the enterprise, from databases to endpoints
Provide a consolidated view of compliance and risk positions
Eliminate the negative consequences of a