SafeNet, a global leader in information security, today announced the availability of an encryption and key management security solution that helps top retailers and other merchants comply with PCI DSS requirement three: protect stored cardholder data-the most difficult standard requirement to meet.
According to a 2008 Gartner analyst survey, 'encryption of data at rest and data in motion, and network segmentation, are the top three technical challenges that retailers have with PCI. More than two-thirds of surveyed merchants encrypt data at rest.'* Securing data at rest falls under PCI DSS requirement three.
"The greatest challenge retailers faced with PCI DSS requirement three is finding and implementing a solution that not only complies with the standard, but doesn't slow business processes and decrease profits," said Derek Tumulak, vice president, product management, SafeNet. "SafeNet reduces the cost and complexity of PCI compliance with an enterprise data protection (EDP) solution that protects stored cardholder data across the enterprise from the core to the edge."
PCI DSS was established by Visa, MasterCard, and other major credit card companies and mandates the protection of sensitive payment account data that is processed by merchants and payment processors. The standard has 12 requirements organised around six basic elements including, build and maintain a secure network, protect cardholder data, implement strong access control, and maintain a vulnerability management programme. Protecting stored cardholder data is the most challenging requirement because it involves data encryption, which may necessitate different solutions from several vendors. Deploying multi-vendor point solutions, however, is expensive, causes interoperability problems, and creates islands of security that are risky and difficult to manage.
"We were faced with an aggressive timeframe to become PCI compliant and needed flexible security implementation at both the database and application levels," said Mayer Wertheimer, manager system administration, B&H Photo, a provider of photo, video, audio and digital equipment. "SafeNet helped us meet our compliance challenge with a solution that eradicated security threats with both ease andnd cost-effectiveness."
SafeNet's single solution strategy eliminates the need to spend top dollar on multiple vendor systems that have not been designed to work together and, more importantly, ensures that stored cardholder data is secured and PCI compliance is met.
Additionally, SafeNet EDP provides a comprehensive foundation of security within a common, integrated framework that allows retailers to select and add the security controls that fit their data protection schemes. This integrated approach assures data protection and compliance today and in the future as needs and requirements change.