TechTip: Is your Company Subject to PCI Compliance?
Is your company subject to PCI compliance?
If the answer is yes, you are not alone. All organizations, small or large, that store, process, or transmit credit or debit cardholder data must be PCI compliant. Penalties for non-compliance include monthly fines up to $100K, suspension or restriction of credit card transaction processing abilities, and brand reputation damage.
Started by Visa International, the Payment Card Industry Data Security Standards (PCI DSS) are a set of guidelines aimed at tightening customer data security, preventing fraud, and reducing vulnerabilities. Unfortunately, the recent string of high-profile credit card data breaches only underscores the rising exposure to electronic theft and fraud that organizations face both internally and externally.
Recently, the PCI Security Standards Council revised its security rules to clarify sections of the earlier, 12-part PCI standards. The good news is that, unlike most standards, PCI requirements are both industry-driven and prescriptive – in other words, they remain focused on real-world procedures and are specific about the software requirements needed for compliance. The downside is that no single software product can make your company PCI compliant. Ultimately, achieving compliance depends on policies, training standards, and audits to back it up.
The role of Symantec Critical System Protection (SCSP) in PCI compliance
While it is true that no single software solution provides PCI compliance, Symantec Critical System Protection can help your company address four key goals of PCI compliance:
- Secure devices – With host-based protection and an application-based firewall, Critical System Protection shields operating systems, applications, and services by defining acceptable behaviors for each function.
- Audit – SCSP generates event and text logs of activity by both authorized and unauthorized users, making it easy to monitor events and actions that take place on your system.
- Monitor – SCSP monitors access to files and registry keys even by users with root or system administrator access.
- Respond – SCSP blocks changes from unauthorized users and applications and takes immediate action in response to events.
The PCI standards represent an opportunity for your organization to improve its data security technology using industry-developed requirements and controls. In the absence of an out-of-the-box solution for PCI compliance, Symantec Critical System Protection allows your company to deploy protection where the needs – and potential returns – are greatest.