PCI DSS Scope Assessment Solution
Reduce PCI DSS Scope, Increase Certification Success
Before an organisation can start to protect sensitive and valuable cardholder data (CHD), it must first locate where CHD is stored across its entire data environment.
Overview
PixAlert’s PCI Automated SCOPE Assessment provides a fully automated mechanism to find where CHD is stored on any part of the corporate network. This enables organisations to understand the scope and scale of their CHD exposures across the enterprise while laying the groundwork for successful PCI DSS certification.
Enables Business To:
- Identify where CHD exists
- Quickly assess PCI DSS scope (outlined on pages 10-13 of PCI Security Standards Council)
- Increase CHD audit success rate
- Improve compliance activity in a structured and continuous process
- Define an Incident Response Strategy to the mismanagement of CHD
- Measure Security Policy effectiveness and uptake
- Measure User Acceptance of existing controls and policies
- Continuously monitor to expose vulnerabilities and enable remediation (Requirement 11 of the PCI DSS standard)
Benefits to Business
- Achieve PCI DSS certification faster
- Maintain and ensure an easier path to PCI DSS re-certification
- Realise a greater ROI through improved resource efficiencies
- Reduce CHD loss/leakage incident rate
- Manage risk through continuous PCI capability assessment
- Improve customer security – protect corporate revenue
Process - Preparing For Compliance
Audit
- Through a comprehensive scan of all network-wide resources (file servers, mail servers, desktops, laptops), an organisation can efficiently discover and identify where CHD components (both structured and semi-structured card details) are stored on its network.
- PixAlert’s PCI Automated SCOPE Assessments are non-intrusive to existing IT processes and follow a well-defined, proven process.
- Intelligent and actionable reporting gives users visibility and control over the extent of their CHD components (both inside and outside the in-scope environment). By identifying vulnerabilities, it enables an organisation to take proactive, corrective action through the implementation of proper controls and updated risk assessments.
Re-Audit
- Regular audits help to demonstrate that PCI DSS compliance is continuously monitored and maintained through automated scans and reporting structures, which ensure that security measures and compliance standards are upheld consistently.
Resources
Paper: PixAlert’s PCI DSS Positioning White Paper
Blog: PCI DSS – Continuous Risk Based Approach to Addressing Security Threats
Blog: PCI DSS - Positive Trends Emerge in Latest Compliance Report
Blog: Watchdog Ruling Sets PCI DSS on Legal Footing for Protection of Credit Card Data
Our Customer’s Experience
Client: National UK Banking Network
‘Seeking a Solution to Determine What Card Holder Data Exists Within Out-Of-Scope PCI Environment’
Requirement: A national UK Banking Network working towards PCI DSS certification required a solution to accurately determine its PCI DSS scope by identifying all locations and flows of cardholder data (CHD) within and outside the scope of its data environment. The bank specifically requested a methodology to verify and prove, both at the time of audit and on an ongoing basis, that no CHD existed in its out-of-scope environment.
Solution: PixAlert’s PCI Automated SCOPE Assessment
Process: A comprehensive, non-intrusive audit of all network resources (file servers, email servers, desktops and laptops) enabled the bank to discover and identify all cardholder data stored across its network, in particular CHD stored in its out-of-scope environment.
Outcome: The audit analysis revealed that 25% of targeted resources contained CHD, many of them in the bank’s out-of-scope data environment, and identified email exposure risk as ‘very high’. In particular, the audit identified patterns of usage showing that poor practice had been built into the bank’s business processes, including emails containing credit card details, inappropriate use of credit card details in software testing, and inappropriate storage of credit card details. This information enabled the bank to take corrective action in remediating its CHD, reassess its controls and policies and, for the purposes of PCI DSS assessment, ensure that its data was correctly secured within its in-scope environment.
Conclusion: PixAlert’s PCI Automated SCOPE Assessment provided the bank with visibility and actionable intelligence over the extent of their data exposure and specifically identified sources of vulnerability. It enabled the bank to take proactive control to manage their CHD risk while achieving PCI DSS certification.
As a result of their initial audit, the bank has chosen to implement PixAlert’s PCI Automated SCOPE Assessment to achieve re-certification and maintain PCI DSS security continuously through regular re-audits and reporting.
Data Discovery Analysis












