Customer Login
How Do You Control Who Accesses What?
Solutions » Audit & Compliance » The Payment Card Industry (PCI) Data Security Standard

PCI Compliance in Your Network Environment

Millions of firms process payment card information globally. In the late 1990s payment card processors began to worry about the increasing amount of fraud associated with Internet-based purchases. Legitimate customer card data fell into the hands of crooks, who made fraudulent purchases, ultimately costing substantial losses. The payment card industry (PCI) released a data security standards (DSS) governing merchants that handle credit and debit cards. This PCI DSS applies to all firms that accept payment cards. Larger merchants must prove compliance through an annual examination.

While there are a dozen broad requirements, the core problem comes down to knowing where your card data resides and controlling who has access to it. In many environments, organizations isolate PCI data to selected servers on restricted network segments. Users authenticate from fixed devices at pre-assigned locations. The firm’s security policy is embedded in its network topology.

In your network environment, can you unequivocally state who all your users are? Do you know what they can access? Can you show all the appropriate interactions among users, assets and applications? Is there verifiable evidence that controls work, and that you took appropriate (and immediate) action when a policy infraction occurred?

Identity lets you see inside your environment, manage and monitor that environment and audit your policies to prove the effectiveness of your policies. You easily establish and maintain an internal control structure using Identity's Activity and Health Probes and Monitoring Station. Once each desktop receives its unique identifier, Identity lets you track and monitor that activities within your network. Additionally, you receive alerts and reports on machine and user activity that is not in accordance with your defined policies.

Identity provides extensive and detailed reporting on activities within your environment and on user activity. And, you gain rich capabilities to demonstrate clear effectiveness through detailed reports—along with associated review and approval workflows. That helps you unequivocally fulfill the PCI DSS’s requirement for protection of customer card data. .

 

 
products  │  solutions  │  oem partners   │  resources  │  company
©2007 Trusted Network Technologies.    Contact Us    Toll free: (877-222-8736)    Privacy Statement