Enable Cost-Effective Auditing, Logging, and Control
The Payment Card Industry (PCI) Data Security Standard (DSS) was developed by the major credit card companies as a guideline to help businesses that process card payments prevent credit card fraud, electronic break-in, and other security vulnerabilities and threats. Any credit card merchant or service provider processing, storing, or transmitting payment card data must be PCI DSS compliant. The penalties for non-compliance range from the imposition of large fines up to loss of authorization to process credit card payments. Compliance can come at a hefty price tag for most of these businesses as they seek to incorporate the required security measures within their organizations and networks.
The Price of Non-Compliance
The driving force behind the effort to secure all credit card data is the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International.
To foster compliance, the card associations have offered both incentives and penalties. As an incentive, merchants are offered protection from PCI-related fines, which can be as high as $500,000 per incident, if they are compliant at the time of the breach. This is what is known in the industry as “safe harbor.” Merchants that are not compliant at the time of a breach do not receive immunity from incident-related fines and may in fact face additional monetary penalties if they are found to be generally non-compliant. Some card brands have threatened to levy increased fines against larger merchants, up to $25,000 per month, until they achieve compliance.
Achieving compliance is a costly matter for these businesses, involving certification by Qualified Security Assessors (QSAs), the implementation of various security technologies inside and outside the network, and the addition of trained staff to maintain and monitor the related processes and infrastructure.
How can Radware solutions enable PCI Compliance?
Radware’s solutions help companies around the world become PCI DSS compliant in a cost-effective manner. The solutions integrate fully into the existing data center infrastructure, with almost no disruption to existing, non-PCI-compliant projects.
Radware’s integrated solution set for PCI compliance includes:
- AppWall: Advanced Web Application Firewall (WAF) provides the easiest path to comply with PCI requirements 6.5 and 6.6.
- AppDirector: Intelligent application delivery controller that enables organizations to comply with several PCI requirements, including access control, network segmentation, and cardholder data protection requirements.
- AppXML: Radware’s Web services and XML gateway helps organizations enforce security and access control policies for web services, as required by several of the PCI DSS requirements.
- DefensePro: Real-time Intrusion Prevention System (IPS) and denial-of-service protection. Provides protection against zero-minute and non-vulnerability-based attacks that misuse the service, enabling organizations to comply with several PCI requirements, including requirement 11 and specifically requirement 11.4.
- Inflight: Real-time detection of business and security events. Provides organizations with a quick and easy path to implementing auditing and logging requirements (including PCI requirement 10). Inflight enables organizations to create enhanced, PCI-compliant audit logs from a central network location, with no change to or integration with the Web applications required.