Web Application Security and PCI DSS Compliance
The Payment Card Industry (PCI) Data Security Standard (DSS) was created by major credit companies as a set of guidelines to help businesses protect sensitive credit card information from fraud and other threats. These guidelines have grown into a set of mandatory regulations that all credit card merchants or service providers processing, storing, or transmitting card data must be in compliance with - at the risk of large fines or disciplinary action from card associations.
Costs of Non-Compliance with PCI DSS
Non-compliance with PCI DSS can harm a company. Penalties range from large fines to completely losing authorization to process credit card payments. In addition, breaches caused by non-compliance with this recognized industry standard reflect poorly on a business, which can continue to harm a business reputation even after security has been upgraded.
Fines for non-compliance can be as high as $500,000 per incident - potentially crippling amounts to smaller businesses. However, if a breach, or other incident, occurs while the company complies with PCI DSS standards, the fine is waived. This is known as "safe-harbor".
No security system can be guaranteed to prevent every attack or malicious action. But using Radware Attack Mitigation Systems will help a business ensure they comply with PCI DSS standards, and are doing everything possible to protect their data.
PCI DSS Compliance Requirements
There are 6 categories (covering 12 specific requirements) that make up the principles of PCI compliance:
Build, and maintain, a secure network
- Install and maintain firewall configuration to protect cardholder data
- Do not use vendor-supplied default passwords
Protect cardholder data
- Protect stored data
- Encrypt transmission of cardholder data across open, public networks
Maintain a vulnerability management program
- Use, and regularly update, anti-virus software
- Develop and maintain secure systems and application
Strong access control measures
- Restrict access to cardholder data by business need to know
- Assign a unique ID to each user
- Restrict all physical access to cardholder data
Regularly monitor and test networks
- Track, and monitor, access to network resources and cardholder data
- Regularly test security systems and procedures
Maintain an information security policy
Maintain a policy that addresses information security for employees and contractors
Radware PCI DSS Compliance Products
Our suite of web application security products helps businesses become PCI DSS complaint. The following products contribute to your compliance, and customer security:
AppDirector: From load balancing to application acceleration and other functions, AppDirector ensures your network is always available and functioning at maximum performance levels.
AppWall: This web application firewall appliance secures web applications and mitigates security threats that could compromise data and sensitive information. Learn more about web application firewall applications here.
AppXML: AppXML is a comprehensive security gateway that functions as an intermediary for exchanging secure services between and enterprise and business partners. This enables enterprises to achieve a higher ROI through secure and efficient e-business process integration.
DefensePro: This suite is a real-time intrusion prevention system and DDoS/DoS protection device that maintains business continuity by providing protection against known attacks and emerging network attacks.
Inflight: This is an out-of-path, network-based monitoring appliance, which captures all user transactions from network traffic and delivers real-time events for business applications.
LinkProof: The industry leading multi-WAN load balancing solution ensures connectivity to the internet and intranets through diverse transport technologies, minimizing connectivity loss due to service failure.