
Achieving PCI DSS Compliance with EFT™

Raise EFT security to the level required by the Payment Card Industry Data Security Standard (PCI DSS)

The High Security module achieves or exceeds security practices mandated by the PCI DSS version 3, FIPS 140-2 Validation, HIPAA, Sarbanes-Oxley, and others for data transfer, access, and storage.

The High Security module ensures:

  • Data is stored and disposed of securely
  • Account and password security policies adhere to compliance standards
  • Strong encryption ciphers and keys are used exclusively
  • Violations are reported and compensating controls are applied
  • Changes are monitored and recorded

High Security Module (HSM) achieves or exceeds security practices mandated by the most rigorous standards for the enterprise including PCI DSS, FIPS 140-2 Validation, HIPAA, and Sarbanes-Oxley.

Key Benefits

Protection of Data at Rest

The High Security module, in concert with EFT and DMZ Gateway, helps organizations comply with data storage requirements, including not storing data in the network DMZ, by using repository encryption and securely sanitizing deleted data so that it cannot be reconstituted.

Protection of Data in Transit

With support for multiple secure protocols and a built-in FIPS 140-2 validated cryptographic library, the High Security module protects data in transit. By enforcing the use of secure protocols, strong ciphers and encryption keys, and maintaining password policies, data transfers strictly follow the PCI DSS requirements.

Controlled Access to Data

The High Security module enforces strong account access policy controls, such as the automatic lockout of accounts (users and administrators) after a set number of incorrect login attempts and the removal of inactive accounts after a certain period of inactivity. Additional security controls can be set to expire passwords automatically on certain dates, and to provide notifications such as emails and connection banners. For user authentication, you can use an AD, NTLM, LDAP, or ODBC-compatible database, or EFT's authentication manager.

Active Monitoring

The High Security module actively supports the PCI DSS by:

  • Monitoring compliance
  • Alerting on non-compliance
  • Identifying the cause of non-compliance
  • Allowing reverting of security controls
  • Implementing mitigation/workaround techniques
  • Providing reports for auditor sampling

The Auditing and Reporting Module (ARM) captures all server activity in a fully relational database.

Minimized Attack Vector

The HSM lets you leverage your existing Active Directory infrastructure for EFT administrator accounts, eliminating the need to create, maintain, and track standards compliance of the built-in administrator accounts typical of most MFT solutions.

Ongoing PCI DSS Compliance

With the PCI DSS, you cannot "set it and forget it." Compliance, with the ultimate goal of securing sensitive company data, requires continuous monitoring and validation of security policies and controls. Globalscape makes it easy for an administrator to create and maintain file-transfer services that comply with the PCI DSS. The solution provides a setup “wizard” that walks administrators through configuring a new PCI DSS-enabled file transfer service, sets default security settings, disallows low security options, captures compensating controls, and generates a PCI DSS compliance report for auditing the system’s PCI DSS compliance status.

EFT's High Security Module Helps You Achieve and Maintain PCI DSS Compliance

Globalscape's whitepaper, "Facilitating Enterprise PCI DSS Compliance," and the EFT help file outline specifically how Globalscape can help you become and stay compliant. Setup wizards provide administrators with an easy, step-by-step method for configuring a new high-security-enabled Site, with each page describing the requirement and what you need to do to meet that requirement, or to provide a compensating control (workaround).

Globalscape takes seriously and follows all the best practices mentioned in the PCI DSS, including considerations for customizations produced by our Professional Services team, use of common security frameworks, and development of our web client portals.