The Payment Card Industry Data Security Standard (PCI DSS) is a global security program created to increase confidence in the payment card industry and reduce risks to PCI members, merchants, service providers and consumers. It was developed by the major credit card companies as a guideline to help organizations that process card payments prevent credit card fraud.
IBM security management solutionsTo support your IT objectives
Help address all 12 PCI requirements
with IBM solutions for compliance.
The Payment Card Industry Data the use of data encryption and end-Highlights Security Standard (PCI DSS) is a user access control with activity ? Develop a comprehensive, end- global security program created to monitoring and logging. For compli-to-end compliance solution with increase confidence in the payment ance, support is mandated for integrated products and services card industry and reduce risks to PCI all 12 requirements. ? Leverage IBM capabilities for gap members, merchants, service providers analysis, remediation, validation, and consumers. It was developed by To help address their PCI initiatives, ongoing testing and reporting the major credit card companies as many organizations turn to IBM as ? Integrate security management a guideline to help organizations that their logical choice for single-source across multiple, heterogeneous process card payments prevent credit compliance solutions. Only IBM has environments card fraud. A company processing, services and products designed for all ? Help ensure detailed auditing and storing or transmitting credit card 12 PCI requirements. IBM also offers reporting on a quarterly and ongoing basis numbers must be PCI DSS compliant, or the advantage of being a merchant, a it risks losing the ability to process credit service provider and a hosting provider. ? Support ongoing compliance efforts with strategic, scalable solutions card payments. Merchants and service Only IBM can provide such a depth of providers must validate compliance with experience and range of global security ? Take advantage of IBM Global Services to support your global an audit by a PCI DSS Qualified Security consulting and implementation services. operations and to drive a holistic Assessor (QSA) Company. approach to meeting PCI With IBM, organizations can accel-The standard is based on 12 major erate the PCI compliance process, data-centric requirements (and subre- strengthen their current security quirements for each area) that combine compliance position and develop a scalable security solution for ongoing Finally, PCI compliance should be compliance as their organization understood as a continuous process, continues to evolve. requiring certification, software and services needed for the repeated A comprehensive, service-based approach assessments, testing, monitoring and PCI compliance is a complex, ongoing reporting. With IBM solutions, this process. Based on experience and process, along with other compliance research, IBM recommends a com- requirements, can be executed in an prehensive approach that includes effective, strategic manner. assessments, gap analysis, the development and implementation Solutions that fully address PCI of a comprehensive remediation plan, compliance effortsand regular assessments. The comprehensive IBM approach to PCI compliance is backed by Accurate gap analysis assessment lays a large number of IBM solutions, the foundation for compliance efforts. including IBM ISS certified assess-IBM has found that today's compliance ments, scanning and certifications that gaps are usually based on the lack of a are designed to help organizations multitude of factors, including segrega- streamline and enhance their security tion of duties, adequate access controls, compliance efforts. Once a proper network segregation and other factors. assessment has been done, existing processes and technologies can be Proper remediation through automation positioned if possible to meet PCI and integration helps contain what can compliance. In addition, a remediation often be a significant expense. In fact, plan to help address gaps is devel-companies that select individual solu- oped. Following are samples of some tions for each regulatory challenge will IBM solutions that can be selected to spend 10 times more on the IT portion develop the most effective PCI compli-of compliance projects than companies ance response for your organization that take an integrated approach.* and help transform your security infra-structure into a more integrated and effective one.
2IBM Global Technology Services can Integrated Communications Services workforce productivity by blocking manage your road to PCI compliance from IBM Global Services offers a viruses, worms, hackers, spa... [download for more]
