Challenge: A financial services organization failed to meet all Payment Card Industry Data Security Standard (PCI DSS) compliance requirements, so they reached out to Globalscape for help. While the organization was sending data over a secured network, they lacked critical feature sets that enforced PCI DSS compliance.
After initial conversations with the Globalscape team about the features of EFT Enterprise with the High Security Module and DMZ Gateway, PCI DSS compliance turned from what seemed like a dreadful situation to one of ease and effectiveness. One requirement of PCI DSS compliance was ensuring that data was not stored in the company’s Demilitarized Zone (DMZ).
With the DMZ Gateway, data was not only stored inside the company’s internal network, but the open ports were also reduced to a single port open to the internal network. Another feature of the DMZ Gateway was the capability to assign “allowed” IP addresses that can access the network and to block all others, further securing the data in question.
Looking further inside the environment, management decided to implement the High Security Module (HSM) for EFT. EFT with the HSM module provides for full PCI, HIPAA and SOX compliance in EFT. These compliance requirements are met through flood and DoS prevention settings and by not persisting user credentials in memory.
Cardholder data can also be securely wiped via DoD-level data sanitization. In combination with our Auditing and Reporting Module, the organization was able to export PCI DSS compliance reports to view any potential problems before an audit was conducted.
After the security upgrades with the DMZ Gateway and HSM module were finalized, the customer was extremely pleased with the outcome: up-to-date PCI DSS compliance and peace of mind knowing that all cardholder data was secured inside their internal network and that only verified users had access to that data.