
Meeting PCI DSS Compliance with EFT Enterprise

Payment card data is a constant source of concern for consumers and companies alike, from small businesses to large international organizations. Cybercriminals are always looking to take advantage of payment card data that is being managed or processed.

“69% of American consumers worry about theft of their payment card data.”

Gallup Poll

“In the UK alone, there were more than 2.46 million cyber incidents in 2015”

PCI Security Standards Council

“71% of hackers attack businesses with under 100 employees.”  

PCI Security Standards Council

What is PCI DSS?

PCI DSS compliance is enforced and managed by the Payment Card Industry Security Standards Council. The set of standards was established to help mitigate credit card fraud and protect consumers’ payment card data. At the same time, the standards were designed to evolve with the data security landscape that organizations face.

PCI DSS compliance applies to any organization that accepts payments from the major credit card brands, such as Visa, MasterCard, American Express, Discover, and JCB. PCI DSS compliance requirements also cover the use of peer-to-peer and mobile payment services like Venmo, Square, and PayPal.

The PCI DSS Challenge

In 2015, more than 80 percent of businesses failed the interim Payment Card Industry Data Security Standard (PCI DSS) compliance assessment (Verizon’s 2015 Compliance Report). Complying with PCI DSS is no simple feat. It requires a full-scale data security and management process that involves active participation across an entire company, regardless of its size.

“Your data is vulnerable when it travels to your bank, and when it’s kept stored or on your computers and devices.”

PCI Security Standards Council

PCI DSS is a complicated regulation meant to safeguard sensitive payment information, which means that complying with the regulation can be a challenge. With the latest release of PCI DSS 3.2, the regulation expressly states how organizations must maintain security protocols and defenses. This could require more check-ins on PCI DSS compliance, which could also be costly if a full audit is requested.

“Fines of $500,000 per incident for being PCI non-compliant”

UC Santa Cruz Financial Affairs

The financial damages that an organization can incur extend beyond the PCI DSS noncompliance fines. Noncompliance is a reflection of an organization’s security profile and speaks to its potential security vulnerabilities and weaknesses. What’s worse than a compliance fine? In two words, a data breach. Consider the December 2013 story, when 110 million Target customers had their credit and debit card information stolen. The breach cost the national retailer “nearly $162 million of expenses related to the breach, including $444 million in insurance payments.” (The Cost of Failing a PCI DSS Audit)

Are you PCI DSS compliant? The PCI Security Standards Council offers a Self-Assessment Questionnaire on its website to help you determine the security of your cardholder data.

Listed below is a high-level overview of PCI DSS:

[Figure: PCI DSS compliance chart (PCI-DSS-Compliance-Chart.png)]

How MFT Supports a PCI DSS Compliance Strategy

Meeting data privacy compliance requirements while securing transferred data is a top IT challenge for many organizations. When an organization that handles payment card data uses a managed file transfer (MFT) solution to manage transferred data, two important goals can be achieved at once: secure file transfers and PCI DSS compliance.

Without a secure data transfer solution in place, a company can face an onslaught of expensive and time-consuming problems, from lawsuits and data breaches to insurance claims. By using an MFT solution, you can keep your customers’ payment data secure while still meeting and maintaining the necessary regulations, such as PCI DSS.

Globalscape Can Help

While assessing the security of its cardholder data, a Globalscape customer in the financial services industry determined that it was not meeting all of the PCI DSS compliance requirements. One unmet requirement concerned how data was transmitted across a secured network: credit card data was being stored in the Demilitarized Zone (DMZ), which is a violation of PCI DSS.

To resolve that risk, among a few others, the company chose Globalscape’s EFT Enterprise with the High Security Module (HSM), the Auditing and Reporting Module (ARM), and the DMZ Gateway. With Globalscape’s MFT solution, the financial services company was able to overcome the challenges of meeting and maintaining PCI DSS compliance. With the new solution:

  • All data transfers were kept secure, while the organization retained full operational visibility over all data activity and IT infrastructure through EFT Enterprise
  • The organization enabled flood and DoS prevention settings, and user credentials were no longer persisted in memory, through the HSM
  • The organization was fully prepared for audits and could catch potential data transfer problems before an audit was conducted, through the ARM
  • Payment card data was better protected because card data was never stored in the DMZ, through the DMZ Gateway

Globalscape’s enterprise-level MFT solution gave the financial services organization a secure and efficient way to protect payment card data and to put preventive data security measures in place, so that it could continue to meet and maintain PCI DSS compliance.

If you’re ready to learn how Globalscape can help your organization meet PCI DSS compliance, contact us today.

Compliance Resources

Out of Order! The Risks of Being Out of Compliance

“The average cost for organizations that experience non-compliance related problems is $9.4 million.”

(Ponemon Institute, True Cost of Compliance)

Data privacy matters and it’s a core reason why compliance regulations are in place. Non-compliance often indicates that an organization doesn’t have the minimum data security protections and processes in place to protect the data they manage. Is your organization meeting its compliance mandates? Do you know how non-compliance can impact your organization?  

If you need to learn more about compliance mandates and how a strong data management solution can positively impact the role you play in maintaining your organization’s compliance, download our latest guide.

In the guide, “Out of Order! The Risks of Being Out of Compliance,” you will learn: 

  • Common compliance regulations and which businesses are affected
  • Three ways compliance problems can negatively affect your business
  • How data management plays a role in your compliance strategy