Simplify PCI compliance and manage risk

The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry-mandated security requirements for credit and debit card transaction processing. PCI DSS applies to stores, online retailers and other organizations, and covers a broad range of security topics including network configuration, data protection, internal control and policy development.

A council composed of major credit card corporations is responsible for maintaining PCI DSS requirements. While compliance is not mandated by United States federal law, some state laws require that payment processors comply with PCI DSS or similar standards.

The challenge of unstructured data

PCI DSS requires that banks, payment processors, and other organizations protect credit card data at rest and in transit. Most organizations have solutions in place that meet PCI requirements for their database environments. However, PCI data also exists in unstructured data—in files on employee devices and servers—and represents a significant risk.

Unstructured data accounts for 80% of a typical organization’s data, and is expanding at an exponential rate. Employees at banks, payment processors, and other organizations are constantly extracting sensitive information—including credit card data—and saving it into files on desktops, laptops, and file servers. IT and security administrators often have no visibility into what types of data their employees are saving in files, and no ability to remediate it without manual intervention.

PKWARE data redaction for PCI DSS compliance

PKWARE’s automated data redaction technology removes credit card numbers from files based on organizational policy. Redaction takes files out of scope for PCI requirements, and ensures that cardholder data will not be exposed in the event of a computer theft or other security event.

Automated data redaction addresses the problem of credit card numbers in unstructured data, without breaking user workflows.

  • Other file contents remain unchanged, allowing employees to continue to do their jobs
  • Files remain in their original locations
  • Our industry-best discovery technology minimizes the problem of false positives
  • Administrators can also configure the solution to save a copy of each file in a quarantined location, preserving the unredacted data in case it may be needed