PCI Compliance
USG Eases PCI Compliance Concerns
More than 200 million personally identifiable data records have been lost, stolen, or otherwise compromised since the beginning of 2005, a significant share of them credit card records. Actiance solutions can help businesses comply with the PCI-DSS requirements that apply to the control of real-time communications traffic and to anti-malware protection.
What is PCI-DSS?
PCI-DSS - the Payment Card Industry Data Security Standard, to give it its full name - is a collaborative effort by the major payment card brands to define a common set of security requirements for entities that process, store, or transmit payment card data.
Many of the requirements of PCI-DSS overlap with those of other data protection and information privacy statutes, with two important differences:
- PCI-DSS applies to every organization that accepts credit cards, so it encompasses businesses of all sizes, from small retail and online outlets to global enterprises, with correspondingly wide variation in information security resources and maturity
- Cardholder data is highly portable and can be exposed at many different points as it flows across multiple networks from the merchant to the card issuer, not least real-time communications networks
By protecting the confidentiality and integrity of credit card data, PCI compliance should give consumers greater confidence that their personal data will not be compromised when they use their cards.
The threat landscape is constantly evolving; threats are becoming more complex, sophisticated and innovative, and data is far more accessible than it once was. It is incumbent upon every business handling credit card information to treat the security of real-time communications as an integral part of PCI compliance.
Risk of non-compliance
Any company whose network touches credit card data as it flows from merchant to card issuer can be accused of endangering customer information. If it is found to have taken insufficient care of that data, the consequences include:
- Fines levied by the acquiring banks
- The cost of replacing the cards and perhaps covering fraudulent charges
- The cost of credit monitoring for compromised individuals
- Demotion or loss of merchant status
- Public relations fallout
- Loss of shareholder and customer confidence
PCI-DSS vulnerability concerns in a Web 2.0 world
The Web 2.0 world is all about sharing, collaboration, and interactivity. The technology underpinning Web 2.0 is powerful, dynamic, and designed for collaboration and communication. It's also, for the most part, extremely easy to use and customize, hence the rapidly-growing popularity of Facebook widgets and other mini-applications.
Web 2.0 gives users direct control over powerful technology in a medium that does not have security as its first priority. The applications and communications emanating from this new environment frequently intersect with corporate and other private networks, creating the potential for significant vulnerabilities in the security of those networks.
Without the right tools, IT cannot monitor or manage these new points of exposure at all, because this traffic typically rides over ports and protocols (such as HTTP and HTTPS) that traditional perimeter defenses already allow, bypassing them entirely.
How Actiance can help
Actiance recognizes that Web 2.0 in general and social networks in particular can deliver real business benefits, and that organizations need a way to control, monitor and secure their use that ensures compliance without impeding those benefits.
Here's how Actiance's Unified Security Gateway addresses certain key requirements of PCI-DSS compliance:
| PCI-DSS Requirement | FaceTime Solution | FaceTime Benefit |
|---|---|---|
| 1.3.7: Deny all other inbound and outbound traffic not specifically allowed | Deploy USG at the gateway to filter web traffic, prevent unauthorized IM/P2P use, and block malware at the gateway | |
| 1.4.1: Implement a DMZ to filter and screen all traffic and prohibit direct routes for inbound and outbound Internet traffic | Deploy USG at the gateway to: | |
| 5.1.1: Ensure that anti-virus programs are capable of detecting, removing, and protecting against other forms of malicious software, including spyware and adware | Deploy USG with GEM for gateway detection and prevention | |
Actiance USG gives IT control over Web 2.0, social networking, IM, P2P applications, and enterprise unified communications platforms through a single dedicated appliance that sits at the interface between the corporate network and the Internet.
Key PCI compliance features of USG include:
- Prevents unauthorized web, IM, and P2P traffic not blocked by firewalls
- Provides gateway malware prevention and targeted remediation of infected endpoints
- Enforces policies, manages use, and prevents information leakage over permitted real-time communications channels, with web access controlled using industry-leading URL databases
- Enables unified policy management and enforcement across all real-time Internet traffic
- Prevents inadvertent or malicious data leakage over all channels with real-time content filtering
- Protects against inbound and outbound threats (SpIM (spam over IM), spyware, rootkits, worms, botnets)
- Supports non-repudiation of archived messages with tamper-evident logging and archival of online conversations
With flexible deployment options, USG fits into existing network topologies, offering a high level of security with negligible added latency and a low total cost of ownership.
Learn more about Unified Security Gateway
