Any organization/retailer that collects, processes, transmits or stores cardholder data is required to uphold and maintain the Payment Card Industry Data Security Standard (PCI-DSS), a list of requirements designed to enhance payment account data security. Code Green Networks TrueDLP™ for Retail provides a complete set of easy to manage data loss prevention tools with which a retailer is able to:
- Ensure compliance with PCI-DSS
- Protect consumer personal data
- Protect company proprietary information such as customer lists and loyalty programs
- Meet any additional local or company regulations pertaining to data privacy
PCI Compliance Requirements
The card brands' payment card rules require any retailer accepting credit card payments to implement security controls that meet the standards for protecting cardholder data set out in the Payment Card Industry Data Security Standard (PCI-DSS).
The twelve (12) core requirements of the Standard include four (4) that are directly addressed by employing TrueDLP™ capabilities:
- Protect stored cardholder data (Requirement 3)
- Encrypt transmission of cardholder data across open, public networks (Requirement 4)
- Restrict access to cardholder data by business need-to-know (Requirement 7)
- Regularly test security systems and processes (Requirement 11)
Ease of Implementation
To achieve PCI compliance, a retailer accepting credit card payments must know where cardholder data is stored and how it moves through the business, so that data containing consumer credit card information can be flagged and redirected for encryption or other protection.
TrueDLP™ Data Loss Prevention allows both large and small retailers to find regulated information and apply consistent policy enforcement to it wherever it may be stored or transmitted, whether in the data center, in the cloud, on a desktop, in an email or in another communication channel. It has been developed to address the needs of an individual retail business:
- Simplicity of acquisition and implementation
- Scalability allowing growth and change
- Flexibility in geographic deployment
A typical starting point, for example, may include detecting any documents identifying a customer with financial information and controlling how such data is allowed to be viewed, stored or sent.
Train Workforce on Security Policies
As unauthorized actions are monitored, blocked or flagged by TrueDLP™, users become better educated on the policies of the organization and the manner in which information is to be properly handled. For example:
- Preventing an employee from copying credit card information to removable storage devices.
- Notifying a user when a file containing sensitive customer-identifiable information is attached to an email leaving the organization.
- Notifying an administrator when a file containing cardholder data is copied to an unprotected file share.
Measure Effectiveness of Security Policies
TrueDLP™ mechanisms assess the effectiveness of security policies and procedures continuously, periodically or on an as-needed basis in several ways, such as:
- Inspect every email and web transaction for the presence of protected information
- Measure the effectiveness of other controls by monitoring where cardholder data is moved once it leaves the cardholder data environment
- Get daily, weekly and monthly reports measuring security incidents of interest and potential loss trends
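The detection behind the "typical starting point" described under Ease of Implementation and the email/web inspection listed above both rest on one mechanism: recognising a primary account number (PAN) in free text and applying a policy action to it. The following Python sketch is an added example of that mechanism; it is not Code Green Networks' or TrueDLP™'s code. It finds 13 to 19 digit candidates, discards those that fail the Luhn check (so a 16-digit order number is not flagged), and masks hits to the first six and last four digits, which is the most PCI-DSS v3.2.1 Requirement 3.3 allows to be displayed. The sample email, the function names and the Finding type are all constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import List

# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens.
# The lookarounds stop the match from starting or ending inside a longer digit run,
# so a 20-digit identifier is not chopped into a "valid" 19-digit PAN.
PAN_CANDIDATE = re.compile(r"(?<![0-9-])(?:[0-9][ -]?){12,18}[0-9](?![0-9-])")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check used by all major card brands on the PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ord(ch) - ord("0")
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Mask to first six and last four (PCI DSS v3.2.1 Req 3.3 maximum display)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


@dataclass
class Finding:
    start: int      # offset of the match in the scanned text
    end: int
    masked: str     # masked form safe to write to an incident report


def find_pans(text: str) -> List[Finding]:
    """Return Luhn-validated PANs found in text, with their offsets and masked forms."""
    findings = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            findings.append(Finding(m.start(), m.end(), mask_pan(digits)))
    return findings


def redact(text: str) -> str:
    """Replace each detected PAN with its masked form; edit from the end so offsets stay valid."""
    out = text
    for f in sorted(find_pans(text), key=lambda f: f.start, reverse=True):
        out = out[:f.start] + f.masked + out[f.end:]
    return out


# Constructed sample message. The card numbers are the published brand test numbers,
# the order number is 16 digits but fails Luhn, and the tracking/phone numbers are too short.
SAMPLE_EMAIL = """\
From: store-ops@example.com
Subject: refund for order 1234567890123456
Customer paid with 4111 1111 1111 1111 (exp 12/26) and wants the
refund on 5555-5555-5555-4444 instead. Amex backup: 378282246310005.
Tracking number 1Z999AA10123456784, phone 555-0100.
"""

if __name__ == "__main__":
    for f in find_pans(SAMPLE_EMAIL):
        print(f"PAN at {f.start}-{f.end}: {f.masked}")
    print(redact(SAMPLE_EMAIL))
```

In a real deployment the masked value, not the PAN, is what goes into the alert or the daily report, otherwise the monitoring tool itself becomes a new store of cardholder data. A production detector would also apply brand prefix (IIN) checks and contextual keywords to cut false positives further, since Luhn alone accepts roughly one in ten random digit strings.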