Search Scenario: PCI Compliance
PCI (Payment Card Industry) compliance is a set of standards followed by all companies and merchants accepting payment from customers via credit or debit card. Business owners and operators that accept, process, transmit or store cardholder data are required to comply with PCI security standards to ensure a secure payment card environment.
The goal of PCI compliance is to ensure that merchants provide the maximum security when processing customer payments or handling customer data.
Using an approved point-to-point encryption solution helps merchants reduce the value of stolen cardholder data because it will be unreadable to an unauthorized party.
Cardholder information can be exposed through different sources, especially if customers send sensitive, unencrypted information over email, including attachments or documents. Sensitive information can also exist in data centres (cloud) when using Box, Microsoft SharePoint, Microsoft OneDrive, or Citrix ShareFile.
For more information on PCI compliance standards, refer to the PCI Security Standards Council.
Sensitive Cardholder Data
There are several forms of cardholder data, some of which is encoded, on a payment card. The following is a typical credit card and its information.
Sensitive data can be found in different places on your network and cloud:
- Email messages
- Documents (attachments and forms)
Here is a scenario for searching for sensitive information related to payment cards.
Due to an event that requires enrollment, one of your account managers emailed a payment form with the word Mastercard written on it. The event ran from September 1 to September 7, 2017.
The Chief Information Security Officer (CISO) was notified. The CISO informs you that because of PCI compliance standards, you cannot have unencrypted payment information on your network (both on-premises and in the cloud). The CISO is aware of other similar organizations that have dealt with these issues incorrectly and, as a result, have paid fines and suffered reputation damage.
The CISO instructs you to undertake proactive auditing and remediation. You will need to search messages, documents, and attachments in emails and cloud locations that include the word Mastercard and remove them. In this PCI audit, you must run a search with the following criteria:
- Search for credit card types: Visa, Mastercard, American Express and so on.
- Conduct an advanced search using templates to remove one type of credit card.
- Limit your search to a date range between September 1 and 7 inclusive.
- Add the word: Mastercard
- Add the name of the enrollment form customers are downloading from your website.
- Add the name of the attachment customers are including in email messages.
- Perform an advanced search. Select Search > Advanced Search.
- Run a federated search by adding rules for the following:
  - Email, ALL, Matches. Text: visa OR diner's club OR american express OR discovery OR jcb. We are excluding Mastercard in our search.
  - credit_card, ALL, Matches, Text: * (asterisk)
  - Filename, Matches. In the text box, enter the name of the enrollment form customers are downloading from your website.
  - Filename, Matches. In the text box, enter the name of the attachment that contains sensitive information.
  - Start Date. Search for items between September 1 and 7, 2017, inclusive.
- Click Search.
- Review the results, examining each item carefully.
- You can do this in Quick Search mode or in a more comprehensive view.
- Click Preview to view the contents of a particular result.
- There may be a few that relate to your investigation, so tag them as Relevant.
- Export items for your suit.
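The audit criteria above, expressed as a stand-alone script (an added example, not part of the product or of the original page): it scans messages dated September 1 to 7, 2017 for card numbers that pass the Luhn check, labels the card brand, and masks the number in the report. The message record layout, the simplified brand prefixes, and the function names are assumptions made for illustration.

```python
import re
from datetime import date

# Simplified issuer prefixes (assumption: audit triage only, not a full BIN table).
BRANDS = [("Visa", r"4"), ("Mastercard", r"5[1-5]|2[2-7]"),
          ("American Express", r"3[47]"), ("Discover", r"6011|65"),
          ("JCB", r"35"), ("Diners Club", r"30[0-5]|36|38")]
# 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: filters out order numbers and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def brand_of(digits):
    return next((n for n, p in BRANDS if re.match(p, digits)), "Unknown")

def audit(messages, start, end):
    """Return (message id, field, brand, masked number) for hits dated start..end inclusive."""
    findings = []
    for msg in messages:
        if not start <= msg["date"] <= end:
            continue
        for field in ("body", "attachment_text"):
            for m in CANDIDATE.finditer(msg.get(field, "")):
                digits = re.sub(r"\D", "", m.group())
                if luhn_ok(digits):
                    # Keep only the last four digits so the report holds no full card number.
                    masked = "*" * (len(digits) - 4) + digits[-4:]
                    findings.append((msg["id"], field, brand_of(digits), masked))
    return findings

# Constructed sample messages; the card numbers are published test numbers, not real accounts.
MESSAGES = [
    {"id": "m1", "date": date(2017, 9, 3), "body": "Enrollment fee, Mastercard 5555 5555 5555 4444"},
    {"id": "m2", "date": date(2017, 9, 5), "body": "Form attached", "attachment_text": "Card: 4111111111111111"},
    {"id": "m3", "date": date(2017, 9, 6), "body": "Order ref 4111111111111112"},   # fails Luhn
    {"id": "m4", "date": date(2017, 9, 12), "body": "Amex 3782-822463-10005"},      # outside range
]

if __name__ == "__main__":
    for hit in audit(MESSAGES, date(2017, 9, 1), date(2017, 9, 7)):
        print(hit)
```

The Luhn check is what keeps order references such as the one in `m3` out of the results; a plain digit-run pattern would flag it.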