Anderson Zaks, a Managed Service Provider offering payment processing services via their RedCard software, has purchased Tripwire Express to obtain and maintain compliance to Section11.5 of the Payment Card Industry Data Security Standard (PCI DSS) across all its IT systems handling sensitive customer information.
Many thousands of merchants rely on Anderson Zaks' integrated payment processing software to deliver reliable and cost-effective electronic payment transactions. Catering to customers from small corner shops through to multi-national corporations, Anderson Zaks supports transactions with acquiring banks and payment service providers globally. On 10th July 2009, Anderson Zaks, a Level 1 Service Provider, was certified as PCI DSS v1.2 compliant.
Compliance with PCI DSS is compulsory for those companies processing payment card transactions, and failure to comply results in severe financial penalties as well as significant business consequences in the case of a security breach.
Using Tripwire Express, Anderson Zaks has a comprehensive file integrity monitoring solution which enables critical system file monitoring as well as audit file monitoring, ensuring that no audit trail is deleted or changed in any way - two essential components of the PCI DSS directive.
Clive Harris, Security Manager at Anderson Zaks, comments, "Tripwire has provided a complete solution to ensure that our data is secure according to the necessary standards set out in the PCI DSS guidelines. The visibility it has provided ensures that we are continually aware that our infrastructure is PCI compliant and the reporting gives us essential insight into our systems in real-time."
Anderson Zaks chose Tripwire Express following an evaluation of various software options available on the market. Harris comments, "Tripwire is an affordable solution that best suited our requirements. Its ability to provide benchmarking against our base configuration, enabling us to check for any changes, was a definite advantage."
Harris continues, "The functionality provided by Tripwire Express goes beyond the requirements for PCI DSS and moving forward we plan to explore other possibilities, such as the creation of new rules to detect changes beyond the critical systems to include configuration and content files."
Tripwire Express for PCI is designed for companies with a limited amount of infrastructure in-scope for PCI DSS compliance, and limited time, staff and funding to implement and maintain a file integrity monitoring solution. The software enables businesses to take advantage of Tripwire's industry-leading PCI compliance capabilities quickly and easily and it has a low cost of ownership.