

“Before we implemented, an employee could have walked out of here with data without us even knowing.”

Coy Krill, Whidbey Island Bank

 
 
 
A Quick Summary:
The Cardholder Information Security Program (CISP) was originally established by Visa to secure computer systems and data from unauthorized access and loss. From these recommendations evolved a new, industry-wide standard that incorporates much of the CISP and adds further requirements. This standard is generally referred to as the Payment Card Industry data security standard, or PCI-CISP data security standard.
 
PCI-CISP is a private-industry requirement that is more stringent than applicable government regulations. Visa has prioritized and defined levels of compliance validation based on the volume of transactions, the potential risk, and the exposure introduced into the payment system by merchants and service providers. The penalties for noncompliance are severe: if a Visa member fails to immediately notify Visa USA Fraud Control of the suspected or confirmed loss or theft of any Visa transaction information, the member will be subject to a penalty of $100,000 per incident.
 
Elements of compliance will dovetail with state and federal regulations, such as California Privacy Notification, Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley (GLBA), and others.

The PowerTech Solution

The PCI-CISP standard consists of 12 specific requirements, ranging from network security to access controls to encryption, from testing to auditing to documentation. The following table summarizes those requirements and the specific PowerTech products that address the standard. For a detailed discussion of each requirement and its impact on AS/400 and iSeries, download the whitepaper “PowerTech and the PCI Standard”.

| Requirement | Solution |
| --- | --- |
| Build and Maintain a Secure Network | |
| Requirement 1: Install and maintain a firewall configuration to protect data | Network Security |
| Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters | PowerTech Compliance Monitor |
| Protect Cardholder Data | |
| Requirement 3: Protect stored data | PowerTech Encryption |
| Requirement 4: Encrypt transmission of cardholder data and sensitive information across public networks | PowerTech Encryption |
| Maintain a Vulnerability Management Program | |
| Requirement 5: Use and regularly update anti-virus software | |
| Requirement 6: Develop and maintain secure systems and applications | PowerTech Authority Broker |
| Implement Strong Access Control Measures | |
| Requirement 7: Restrict access to data on a need-to-know basis | PowerTech Network Security; PowerTech Authority Broker |
| Requirement 8: Assign a unique ID to each person with computer access | PowerTech Compliance Monitor; PowerTech Easy Pass |
| Requirement 9: Restrict physical access to cardholder data | |
| Regularly Monitor and Test Networks | |
| Requirement 10: Track and monitor all access to network resources and cardholder data | PowerTech Compliance Monitor; PowerTech Authority Broker |
| Requirement 11: Regularly test security systems and processes | PowerTech Compliance Monitor; PowerTech Interact |
| Maintain an Information Security Policy | |
| Requirement 12: Maintain a policy that addresses information security | PowerTech Compliance Monitor |
 
©2008 The PowerTech Group, Inc. All Rights Reserved