Payment Card Industry (PCI) Data Security Standard

Achieving Compliance

• Strong authentication should be used to protect employee access to all cardholder data
• Encryption is one of the best ways to protect cardholder data in transit (such as via email or transaction processing)
• Content monitoring and control can help prevent a cardholder data breach and protect your brand

PCI Compliance: Protecting Identities and Information [884 kb]

The following Entrust solutions can help in meeting these and other PCI requirements while helping to establish an overall security policy for your organization.

Entrust Entelligence Mobile Data Security	Provides encryption of data on laptops, PDAs and other mobile devices. Can be instrumental in protecting sensitive cardholder data contained on mobile devices used within merchant enterprises.
Entrust Entelligence Group Share	Provides the ability to encrypt group files or folders no matter where they are transferred, stored or copied. The solution, which features patent-protected, client-server architecture, is transparent and automatic, and also uses persistent encryption to secure files and folders even if they exist on an external server, disk, drive or USB device. The file even remains encrypted when copied.
Entrust IdentityGuard	Provides strong two-factor authentication for securing access to transaction processing systems and database repositories containing credit card numbers, cardholder account information and transaction history. Offers many different methods of inexpensive authentication to suit the level of risk, including risk-based authentication based on IP-geolocation and the ability to leverage data delivered through the Entrust Open Fraud Intelligence Network (OFIN). Can be deployed to secure remote access to cardholder data systems.
Entrust Entelligence Messaging Server	Provides encryption of sensitive data contained within email (such as credit card numbers or cardholder information). Can be configured to automatically encrypt at the boundary of the network to prevent PCI regulated content from exiting the network unprotected.
Content Control Powered by Vericept	Vericept Protect provides a scalable server-based content monitoring and control solution that scans and quickly analyzes inbound and outbound email and attachments for identification and remediation of sensitive content. Works with Entrust Entelligence Messaging Server to automatically encrypt, self-remediate, block or quarantine messages that violate corporate policies to help detect and stop sensitive cardholder information (such as card numbers) from leaving the corporate network unprotected.

Entrust Security Solutions for PCI Compliance

It can often be confusing and difficult for organizations to undertake the process of finding out if they are compliant with the Payment Card Industry (PCI) standard, and if they are not compliant, identifying what specific and practical steps they must take to become compliant. The PCI guidelines are somewhat broad and undefined, and as such it is not always clear what a card company such as VISA will find to be an acceptable mitigating data control. Audits done by PCI-approved assessors and security vendors typically suggest millions of dollars worth of security applications in order to be fully compliant, but these suggestions are not practical in most cases.

With cost-effective security solutions for data encryption, strong authentication and email security, Entrust can aid in achieving your specific PCI data security compliance requirements. Three of the main categories of PCI requirements that Entrust can address for merchants and service providers are the following:

• PCI Compliance: Protecting Identities and Information

• PCI Compliance

• VISA Fraud Prevention & Security
• VISA Merchant and Service Provider Levels

• Entrust Entelligence Mobile Data Security
• Entrust IdentityGuard
• Entrust Entelligence Messaging Server