PCI DSS Compliance Solutions

For today’s security teams, addressing Payment Card Industry Data Security Standard (PCI DSS) compliance requirements can represent a massive effort—and the work’s never done. Industry-leading businesses around the world rely on Gemalto to effectively and efficiently address these requirements.

The Challenge: PCI DSS Continues to Change

Since Visa first rolled out its Cardholder Information Security Program (CISP) in 2001, organizations that manage cardholder data have been given detailed guidelines for securing their infrastructure and ultimately the payment data they manage.

While the PCI DSS requirements aren’t new, organizations’ technological environments and the threats that have to be combatted have changed dramatically in recent years. Further, the industry's guidelines continue to evolve, with the most recent release of PCI DSS, version 3.2, taking effect in July 2018.

While the PCI DSS features rules on everything from changing employee passwords regularly to deploying firewalls, many rules focus on the security of cardholder data and the systems used to manage it.

Encryption, Key Management and Strong Authentication for PCI Compliance

Gemalto can help address many of the critical challenges of meeting these PCI DSS standards.

Our SafeNet solutions help organizations take a comprehensive, data-centric approach to security that not only helps address near-term compliance objectives but ensures the security of sensitive assets in the long term.

Why You’ll Love Our PCI Compliance Solutions:

One of the key challenges merchants, banks, and payment processors face is the implementation of data encryption, key management, and strong authentication to comply with the PCI security requirements—and to do so in an efficient and cost-effective manner.

SafeNet Solutions Help Organizations:

  • Reduce the cost and complexity of PCI compliance with the most complete and easy-to-manage data protection solution.
  • Protect sensitive data at rest, in use and in transit to meet the most challenging PCI security requirements.
  • Implement the industry's only comprehensive end-to-end solution that encrypts and controls access to sensitive data from clients, to databases, to endpoint devices.
  • Streamline implementation, ensuring that PCI compliance deadlines are met and fines avoided.

In short, SafeNet data protection solutions address PCI compliance challenges without impacting your ability to leverage the data or deliver on the bottom line.

But don't just take our word for it:

In developing the Solve DataShield offering, it was vital that we effectively comply with all the relevant PCI P2PE standards, including robust key management policies. Gemalto SafeNet Luna EFT HSMs delivered all the security capabilities that were required, while providing a platform that we could deploy quickly and manage efficiently.

- Nick Stacey
Dir. of Business & Market Operations
The Logic Group


Specific PCI DSS compliance requirements we can help you address:

  • PCI DSS Goal: Build and Maintain a Secure Network
  • PCI DSS Goal: Protect Cardholder Data
  • PCI DSS Goal: Maintain a Vulnerability Management Program
  • PCI DSS Goal: Implement Strong Access Control Measures
  • PCI DSS Goal: Regularly Monitor and Test Networks

PCI DSS Goal: Build and Maintain a Secure Network

To establish secure networks, it is critical to institute strong, granular controls around such aspects as administrative access, server functions, virtual machines, and so on.

How Gemalto can help:

  • SafeNet encryption solutions from Gemalto enable multi-tenancy and separation of duties to ensure that only authorized users can access secure data.
  • SafeNet HSMs enable partitioning that establishes effective isolation of critical cryptographic keys.
  • SafeNet ProtectV can encrypt virtual machines, and establish persistent controls against such threats as unauthorized copying, administrator abuse, and more.
  • SafeNet High Speed Encryptors (HSE) encrypt all data that traverses an open network, enabling teams to address critical network vulnerabilities.

Requirements addressed:

  • 2.2.1
  • 2.2.3
  • 2.3
  • 2.6

PCI DSS Goal: Protect Cardholder Data

Encryption represents a vital requirement for safeguarding cardholder data. To address PCI DSS requirements, organizations need to leverage encryption of cardholder data in storage and transit.

How Gemalto can help:

  • Gemalto offers a portfolio of solutions with capabilities for encrypting unstructured files, columns in databases, virtual machines, applications, and more, so organizations can granularly protect PCI DSS-regulated records and files.
  • Gemalto also offers a tokenization solution that addresses PCI DSS requirements by converting the PAN (primary account number) to a token in the same format, which means associated applications can continue to operate seamlessly.
  • Encrypted data is only as secure as the keys used to encrypt it. SafeNet KeySecure offers the strong, certified controls that address many requirements for key creation, administration, and retirement.
  • SafeNet High Speed Encryptors deliver the Layer 2 network encryption capabilities that are essential in addressing requirements for safeguarding sensitive cardholder data transmitted over open networks.

Requirements addressed:

  • 3
  • 3.4
  • 3.5.1
  • 3.5.2
  • 3.5.3
  • 3.5.4
  • 3.6
  • 4.1

PCI DSS Goal: Maintain a Vulnerability Management Program

An essential part of addressing this goal is through the development and maintenance of secure systems and applications. To achieve these objectives, organizations need to incorporate information security throughout the software development lifecycle.

How Gemalto can help:

Digital signatures are essential to establishing the validity of applications. SafeNet HSMs provide maximum security of signing material, storing this sensitive information in robust, tamper-resistant appliances, helping ensure the authenticity and integrity of code files.

Requirements addressed:

  • 6
  • 6.3

PCI DSS Goal: Implement Strong Access Control Measures

To achieve and sustain compliance, it is essential to establish strong controls around who can access sensitive resources, and under what circumstances.

How Gemalto can help:

  • Gemalto's SafeNet authentication solutions offer comprehensive capabilities for managing user access. With these solutions, organizations can ensure individuals are assigned unique credentials, establish operational role segregation, log and report on user access, and automatically apply policies.
  • With Gemalto's SafeNet encryption solutions, organizations can establish granular controls over who can access cardholder data. For example, by encrypting at the application level with SafeNet ProtectApp, your security teams can ensure that unauthorized users, even those with administrative permissions for an underlying server, cannot access sensitive data in the application.
  • SafeNet KeySecure provides centralized key management throughout the data lifecycle. Once the encryption keys are destroyed, the data cannot be accessed in clear text.

Requirements addressed:

  • 7
  • 7.1.2
  • 8.1.1
  • 8.1.2
  • 8.1.3-8
  • 8.2
  • 8.2.1
  • 8.2.3
  • 8.2.4
  • 8.2.5
  • 8.2.6
  • 8.3
  • 8.7
  • 9
  • 9.8.2

PCI DSS Goal: Regularly Monitor and Test Networks

Effective capabilities for tracking user activities are essential in enabling security teams to prevent and detect compromises, and to minimize their impact should a breach occur.

How Gemalto can help:

  • By leveraging SafeNet KeySecure, organizations can use a central repository for all cryptographic activity data, which significantly streamlines auditing and logging efforts. SafeNet KeySecure maintains an extensive set of log files for tracking administrator and user activities. Further, the solution digitally signs log files to ensure their integrity.
  • By leveraging Gemalto encryption offerings, such as SafeNet ProtectFile, SafeNet ProtectDB, SafeNet ProtectV, and SafeNet ProtectApp, organizations can gain an effective means for auditing and logging access to encrypted cardholder data.

Requirements addressed:

  • 10
  • 10.2
  • 10.2.1-7
  • 10.5
  • 10.5.1-5