Info Security Products Guide, “Global Excellence in Authentication and Two-Factor Solution Customer Trust Awards 2007,” (OneSign AM) - April 2007

Imprivata - Providing the Tools for PCI Compliance
During the last ten years there has been an explosion in the use of Internet-based commerce, as well as a drastic increase in credit and debit card usage in the physical storefront. Despite the best efforts of organizations to protect customer data, consumer fraud and identity theft have hit new highs.


In response to this increased threat, governments around the world have been considering an array of new laws and regulations to combat the problem systematically. In addition, the banking and credit card industry has spearheaded its own initiatives, including the newly revised Payment Card Industry (PCI) Data Security Standard (DSS). This standard was developed to provide all organizations that handle credit card transactions with the best tools to combat growing security threats.


Recommended Resources:
A Pathway to PCI Compliance with Forrester Research
• View the webinar
• Download the whitepaper

ComputerWeekly.com: Mothercare Picks Imprivata, Secure Computing to meet PCI DSS Commitments
View the article



What is PCI Compliance?

In 2006, a group of leading financial services companies formed an independent council tasked with recommending data security practices to protect consumer privacy. The council developed the Payment Card Industry (PCI) Data Security Standard (DSS), the first-ever industry standard to set guidelines on improving payment account security throughout the transaction process.


How Does it Work?
The council established twelve general requirements for maintaining the security of consumer information at all points of the transaction process. The goal of PCI compliance is to make electronic commerce universally safer and easier to implement for the banking and electronic credit card industry. To adhere to the new regulations, all merchants in the transaction chain must comply with the same standards. The benefit of PCI compliance is that it makes security achievable by all organizations regardless of size.


What are the Challenges?
As is true whenever security and policies are tightened, there is the potential for a corresponding increase in user complexity and decrease in productivity. A key to success with any regulatory compliance effort, including PCI compliance, is to accomplish measurable goals using policies and controls that are easy for users to implement and accept. Better usability ensures acceptance and compliance, resulting in better security. Complex, arduous solutions are doomed to user rejection and ineffectiveness.


Ease into Compliance with OneSign
Imprivata OneSign gives organizations a robust yet simple and easy-to-install SSO and strong authentication solution that provides key components for PCI compliance. In addition, Imprivata’s OneSign Physical | Logical can provide authentication at the physical level that is not currently offered by any other vendor in the marketplace. Combined, these solutions provide companies with valuable tools to help comply with a majority of the current PCI compliance regulations.

PCI Compliance Resource Center
The Payment Card Industry (PCI) Security Standards Council (SSC) maintains a repository of documents useful to merchants and payment service providers (PSPs) who need to achieve PCI compliance:
· Search CIO (8/17/2007): PCI Data Security Standard compliance: Setting the record straight
· PCI DSS Summary of Changes
There were some significant changes between the January 2005 version of the DSS and the September (1.1) version. This document is a short list of the key changes that merchants and PSPs should be aware of between the two.
· Payment Card Industry (PCI) Data Security Standard, Version 1.1
This document contains the full text of the PCI DSS. It is the best starting point for understanding the requirements for PCI compliance. The document lists the six control objectives, the twelve PCI compliance requirements, and additional sub-requirements.
· PCI DSS Security Audit Procedures
This document is used by the on-site auditors (QSAs) when assessing PCI compliance. Administrators, compliance officers, and internal auditors who are responsible for PCI compliance readiness should read this document after reading the DSS.
· PCI DSS Self-Assessment Questionnaire
This document may be useful to administrators and internal auditors who wish to gauge their level of readiness for an on-site PCI compliance audit.
· PCI DSS Glossary, Abbreviations and Acronyms
Definitions of specific terms used in the PCI DSS including many standard security terms.