PCI compliance
The Payment Card Industry (PCI) group was formed in 2004 to create common industry security requirements, called Data Security Standards (DSS), acceptable to all cardholder associations such as Visa, MasterCard, and JCB Cards. The standards define how credit cardholder and card authentication data must be stored, managed and processed to keep it secure.
Key facts and data security requirements you should know
- PCI affects every merchant or service provider who accepts, captures, stores, transmits, or processes credit card data
- PCI DSS requires companies to protect cardholder data, maintain a vulnerability management program, and implement strong access control measures
- The standards, revised as version 1.1 in September 2006, include 12 requirements. Violating just one triggers overall PCI non-compliance
- Penalties can be as high as $500,000 per incident, in addition to loss of interchange discounts
Proven PCI data loss prevention
| Leading retailer uses Vontu solutions to protect sensitive cardholder data |
|---|
| A FORTUNE 500 retailer needed a solution to reduce the risk of data loss, specifically the potential loss of credit card numbers and cardholder information, such as magnetic stripe data. Recent data loss incidents at other retailers added urgency to the project. After a Vontu Risk Assessment turned up numerous incidents of potential data loss, the company selected Vontu solutions for their ability to both monitor and proactively block the unauthorized transmittal of confidential information. Now the retailer is assured that its cardholders' privacy is well protected by a solution that reliably detects and blocks any unauthorized transmittal of customer information from machines throughout its retail and wholesale operations, stretching across more than 1500 widely scattered locations. It also has the tools in place to help demonstrate compliance with consumer privacy regulations. |
How Vontu solutions demonstrate PCI compliance
Vontu provides comprehensive PCI data loss prevention for any organization that stores and/or transmits Primary Account Number (PAN) and cardholder data. Advantages include:
- Pre-defined PCI Policy Template with patented TrueMatch™ detection for the highest accuracy in the industry across all content and groups of people
- Demonstrate internal controls to PCI auditors
- Discover and protect exposed PAN and cardholder data on file servers, databases, Microsoft SharePoint®, Lotus Notes®, Documentum®, LiveLink®, web servers, Microsoft Exchange®, and other data repositories
- Monitor and prevent PAN and cardholder data loss on the network including email, IM, Web, Secure Web (HTTP over SSL), FTP, P2P, and generic TCP
- Discover PAN and cardholder data stored on the endpoint, such as desktops and laptops, and prevent this data from being inappropriately used, sent out, or copied to storage devices such as USB drives, CD/DVDs, or iPods
- Data Identifiers for PCI compliance to detect and validate a wide range of sensitive data types such as PANs, magnetic stripe data, and bank identification numbers (BINs).
- Comprehensive audit support through PCI compliance reports and role-based dashboards
- Automatically enforce PCI data security policies with a centralized platform for detection accuracy, policy management and automated incident response notification, workflow, and compliance reporting, to help organizations change employee behavior and pinpoint compliance gaps in existing business processes
- Role-Based Access Control enables business units and departments to review and remediate only those PCI incidents relevant to their role and privileges.



