PCI-DSS Compliance

New technologies, most visibly the explosion of mobile devices, are having a profound impact on the retail industry. Meanwhile, new security threats are identified daily, and the retail industry needs to protect itself. OpenText offers a range of secured connectivity solutions that allow retail organizations to secure file transfers and application access and comply with payment card industry requirements.

PCI-DSS - Payment Card Industry Data Security Standard

The PCI Data Security Standard emerged among a cluster of other regulations that came out in the last 10 years: Basel II, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, the Sarbanes-Oxley Act of 2002 and California Senate Bill 1386, to name a few.

Several card brands that previously developed and managed their own security programs independently are participating in the PCI effort: Visa, MasterCard, American Express, Diners Club, Discover Card and JCB. The PCI DSS is a collaborative effort to establish a single set of security requirements for entities that process, store or transmit payment card data.

Scope of requirements

PCI DSS requirements apply wherever a Primary Account Number (PAN) is stored, processed or transmitted. Merchants and service providers that accept or process payment cards are required to be PCI DSS compliant.

According to PCI DSS 1.2, the security requirements apply to all "system components" included in or connected to the cardholder data environment. System components include:

  • Network components: firewalls, switches, routers, wireless access points, network appliances, security appliances
  • Servers: web, database, authentication, mail, proxy, DNS, NTP
  • All applications, internal and external, purchased or custom

Cost of non-compliance

The first thing a non-compliant organization is exposed to is significant fines and penalties. Visa set compliance deadlines of September 30, 2007 for the largest merchants and December 31, 2007 for mid-sized US merchants.

Since the beginning of this year, Visa has started levying monthly fines of $25,000 to non-compliant US merchants and $5,000 to their Acquirers.

In addition to the non-compliance fines enforced by Visa, the PCI DSS allows the card brands to fine a merchant for each incident of non-compliance with PCI. The fines can amount to $500,000 per incident per card brand per compromise type (PCI includes both the PCI DSS and the PCI PIN requirements). A merchant accepting three card brands could end up paying $3M for a single incident.

OpenText Connectivity Solutions for PCI-DSS Compliance

As a leading connectivity solution vendor, OpenText offers a line of network security products that can help companies in their effort to become PCI DSS compliant.

With more than 20 years of experience in the enterprise connectivity market, OpenText Connectivity Solutions covers a broad spectrum of needs including:

  • Data in transit security
  • Heterogeneous networks data exchange
  • Data integration and transformation
  • Legacy applications access
  • Access to high-end graphical Unix applications

We serve companies of all sizes, which have deployed our solutions in a wide variety of mission-critical environments, from trading rooms to engineering offices.

If your organization hosts or interacts with credit card data, you will be affected by the PCI standard sooner or later. Contact the OpenText Connectivity Solutions Group today to find out how we can help you on the way to PCI compliance. We will assess your connectivity-related PCI requirements and propose the solutions that best suit your needs.

Solution Briefs

  • FTP: a ticking bomb

    Designed in the early 1970s, FTP is a widely used file transfer mechanism that is anything but secure: credentials and file contents travel over the network in cleartext. Find out about the risks of running FTP and what to do about it.

    FTP, the enemy within
  • PCI-DSS Compliance

    The Payment Card Industry Data Security Standard has created new headaches for retail businesses and financial institutions. Find out how we can help you become compliant.

    PCI Compliance
  • Secured Connectivity

    Complying with tight business regulations can be challenging with traditional non-secure connectivity applications. Find out about Secured Connectivity.

    Secured Connectivity
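The "FTP: a ticking bomb" brief above says FTP is insecure without showing why. The following is an added example, not OpenText's code or part of the original page: it parses a constructed FTP control-channel capture (the client/server lines, session name and credentials are all made up for the example) and pulls out what any observer of the TCP stream can read directly, namely the login credentials, the data-connection endpoint announced in the PASV reply, and the file names transferred. This is the kind of exposure PCI DSS Requirement 4 (encrypt transmission of cardholder data across open, public networks) is meant to close, and the reason the usual remedy is to replace FTP with an encrypted transport such as SFTP or FTPS.

```python
"""Added example (not OpenText's code): what an eavesdropper sees on an FTP session.

FTP's control channel is plain text, so anyone positioned on the path
(a compromised switch, a rogue access point, a network tap) reads the
credentials and file names directly. The capture below is constructed
for this example; "C:" lines are client commands, "S:" lines server replies.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample session: a point-of-sale host uploading a settlement file.
SAMPLE_CAPTURE = """\
S: 220 ftp.example.internal FTP server ready.
C: USER pos_upload
S: 331 Password required for pos_upload.
C: PASS Sw0rdf1sh!
S: 230 User pos_upload logged in.
C: PASV
S: 227 Entering Passive Mode (10,20,30,40,195,80).
C: STOR settlements_2024-05-01.csv
S: 150 Opening BINARY mode data connection.
S: 226 Transfer complete.
C: QUIT
S: 221 Goodbye.
"""

# An FTP command is a 3-4 letter verb optionally followed by an argument.
CMD_RE = re.compile(r"^C:\s*([A-Z]{3,4})(?:\s+(.*))?$")
# Server reply 227 carries the data-channel address as h1,h2,h3,h4,p1,p2.
PASV_RE = re.compile(r"227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_control_channel(capture: str) -> List[Dict[str, str]]:
    """Return the client's commands, in order, as {'cmd': ..., 'arg': ...}."""
    commands = []
    for line in capture.splitlines():
        match = CMD_RE.match(line.strip())
        if match:
            commands.append({"cmd": match.group(1), "arg": match.group(2) or ""})
    return commands


def extract_exposed_credentials(capture: str) -> Dict[str, str]:
    """The USER and PASS arguments, exactly as they crossed the wire."""
    found: Dict[str, str] = {}
    for command in parse_control_channel(capture):
        if command["cmd"] == "USER":
            found["username"] = command["arg"]
        elif command["cmd"] == "PASS":
            found["password"] = command["arg"]
    return found


def exposed_data_endpoint(capture: str) -> Optional[Tuple[str, int]]:
    """Decode the PASV reply: host and port of the data connection.

    The port is p1 * 256 + p2; an observer can use it to grab the file
    transfer itself, which is equally unencrypted.
    """
    match = PASV_RE.search(capture)
    if not match:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in match.groups())
    return (f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2)


def transferred_files(capture: str) -> List[str]:
    """File names sent (STOR) or fetched (RETR) during the session."""
    return [c["arg"] for c in parse_control_channel(capture)
            if c["cmd"] in ("STOR", "RETR")]


if __name__ == "__main__":
    print("credentials :", extract_exposed_credentials(SAMPLE_CAPTURE))
    print("data channel:", exposed_data_endpoint(SAMPLE_CAPTURE))
    print("files       :", transferred_files(SAMPLE_CAPTURE))
```

Running the script prints the username, password, data-channel address and the settlement file name recovered from the sample capture. Against a real packet capture the same parsing applies to the reassembled TCP payload of the control connection (port 21 by default); with SFTP or FTPS the payload is ciphertext and none of these fields are recoverable.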
