Search Scenario: PCI Compliance

PCI (Payment Card Industry) compliance is a set of standards followed by all companies and merchants accepting payment from customers via credit or debit card. Business owners and operators that accept, process, transmit or store cardholder data are required to comply with PCI security standards to ensure a secure payment card environment.

The goal of PCI compliance is to ensure that merchants provide the maximum security when processing customer payments or handling customer data.

Using an approved point-to-point encryption solution helps merchants reduce the value of stolen cardholder data because it will be unreadable to an unauthorized party.

Cardholder information can be exposed through different sources, especially if customers send sensitive, unencrypted information over email, including attachments or documents. Sensitive information can also exist in data centres (cloud) when using Box, Microsoft SharePoint, Microsoft OneDrive, or Citrix ShareFile.

For more information on PCI compliance standards, refer to the PCI Security Standards Council.

Sensitive Cardholder Data

There are several forms of cardholder data on a payment card, some of which are encoded. The following is a typical credit card and its information.

Sensitive data can be found in different places on your network and in the cloud:

  • Email messages
  • Documents (attachments and forms)