Information security company SafeNet has developed a data protection encryption and key management security service for retailers still struggling to comply with the Payment Card Industry’s Data Security Standard.
Companies face heavy fines and increased transaction rates if they do not comply with the standard, which went into broad effect more than two years ago.
The SafeNet EDP service is intended to reduce the complexity of protecting stored cardholder data.
Protecting stored cardholder data is one of the most challenging requirements of PSI compliance because it involves data encryption, which may necessitate different solutions from several vendors making it expensive and introducing potential interoperability problems.
SafeNet EDP service introduces an integrated framework that allows the selection of specific security controls needed by a retailer, and which also allows data encryption products from various sources to be merged at the database and application level.
Retailers are finding it hard to cope with PCI DSS compliance, and protecting stored cardholder data is considered the toughest aspect. “The greatest challenge retailers faced with PCI DSS is finding and implementing a solution that not only complies with the standard, but doesn’t slow business processes,” said SafeNet’s Derek Tumulak.
The standard was developed by the major credit card companies in order to establish a standard set of regulations for all merchants, and vendors who transmit, process or store cardholder data.
It includes a dozen security controls, including encryption, transaction logging and monitoring, along with authentication and access controls.