Home > Compliance > PCI Compliance
Print PagePrint this Page

Payment Card Industry (PCI) Compliance


What is PCI DSS?
The Payment Card Industry (PCI) Data Security Standard, updated as of October 1, 2008 outlines best practices for credit card data that is stored, processed, or transmitted. All major credit card issuers, including Visa, MasterCard, American Express, Diners Club, and Discover, jointly developed PCI. It consolidates and supersedes the requirements of the previously developed Visa Cardholder Information Security Program (CISP) and the MasterCard Site Data Protection (SDP). PCI DSS Compliance

How do companies comply with PCI?
Encryption is a vital part of PCI compliance. Compliance with requirement 4 requires that a company "encrypt transmission of cardholder data and sensitive information across public networks." Companies should think of public networks as "any network they do not own or control," including shared or leased networks. Although service providers often refer to their networks as "secure private line" services, they are not really private nor are they secure. Leased line services simply separate the data of many other customers using one network, but there is no data security on these networks. Companies must encrypt cardholder data before sending it over third-party networks.

Companies must not only protect stored data at rest, but PCI compliance requires end-to-end encryption of wireless transmissions with cardholder data and other sensitive information. Whether it's for continuous data replication or electronic archival, data must be secured even when it travels to offsite storage and processing locations.

How does CipherOptics help?
CipherOptics CipherEngine provides organizations with a comprehensive data protection solution that ensures the confidentiality, authenticity, and integrity of any data in motion.

The CipherEngine solution allows organizations to easily encrypt data across the network or the entire computing infrastructure using a global policy and key manager along with both hardware and software-based encryption enforcement points. The CipherEngine data protection solution offers best-of-breed performance, elegantly simple installation and management, and breakthrough scalability. CipherEngine gives you the power to protect data in motion wherever, however and whenever you want, without changes or disruptions to your network, your infrastructure, or your operations.

To discuss how CipherOptics can help you can comply with the PCI Data Security Standard, call 1-877-878-6655 and speak directly with a CipherOptics encryption specialist or feel free to ask us a question.

Learn more about PCI DSS

Learn More About:
Scope of Audit Reduction
Application Domain Security
Network Encryption

Helpful Resources
PCI Security Audit Procedures