Compliance Guide: Payment Card Industry Data Services Standard (PCI DSS)
All public and private sector organisations, commercial or non-commercial, are required to protect personal data by law under the Data Protection Act and the Human Rights Act. Banks and other financial institutions face the additional responsibility of protecting clients' financial information and security details to ensure these do not fall into the hands of criminal organisations.
The financial services industry has adopted the Payment Card Industry Data Services Standard (PCI DSS) to protect personal data from unauthorised access and misuse. This places considerable responsibility on all those processing any type of card data, including retailers and service providers of all types.
DESlock+ provides the functionality required for compliance with core requirements of the PCI DSS standard.
PCI DSS Requirement 3: Protect stored cardholder data
DESlock+ Pro provides full disk encryption, removable media encryption and granular encryption, giving endpoint data protection for PCs, laptops, external hard drives and USB flash drives, all of which can be used to store cardholder details and card data.
PCI DSS Requirement 4: Encrypt transmission of cardholder data across open, public networks
Although card payment systems are encrypted, ad-hoc communication of cardholder details within an organisation is often via the internet. All versions of DESlock+ provide the means to encrypt email and file attachments through most email clients, including webmail.
PCI DSS Requirement 7: Restrict access to cardholder data by business need-to-know
As with other systems, encrypted data is only accessible using the correct encryption key. However, the DESlock+ Enterprise Server can distribute, manage and revoke up to 64 different encryption keys per user over a corporate LAN or securely via the internet. This degree of remote control provides an unparalleled benefit to retail organisations with widely distributed endpoints.
Contact us for more information, for advice regarding your data security policy, or to arrange a demo or pilot.