Grid-Tools offer expert advice on maintaining PCI DSS compliance


"The lack of referential integrity in the data we were using was causing the applications to fail in the test database on one of our current projects. This had a large impact on the test team, as our testers were trying to set up test conditions with little regard to data integrity. We used Datamaker to create referential data from the ground up, which tackled these problems."

Chris Mercer,
VocaLink

PCI DSS compliance - test data management techniques

From October 2009, PCI DSS compliance moved from "best practice" to mandatory for the finance industry. All merchants processing fewer than one million transactions annually must now either process through a PCI DSS certified provider or provide certification of their own PCI DSS compliance to their acquiring bank. This mandate follows changes to Visa’s Account Information Security Programme.

The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of comprehensive requirements for enhancing payment account data security for credit card companies and any company they exchange information with. It was developed by the founding payment brands of the PCI Security Standards Council (American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International) to facilitate the broad adoption of consistent data security measures on a global basis. It sets out the standards for protecting cardholder data that is stored, transmitted or processed, and is relevant for payment card processors, point-of-sale vendors and financial institutions. It also lays out the requirements for implementing security management policies, procedures, network architecture, design and other critical measures to improve the security of electronic payments. Compliance involves establishing strict security policies, processes and procedures for every company that handles payment card information.

Organizations must protect cardholder data, which includes:

  • Cardholder primary account number
  • Cardholder name
  • Expiration date
  • Service code (accessible via card’s magnetic stripe)

Who is impacted by PCI DSS?

Any company that conducts business using credit cards and any company that belongs to the PCI Security Standards Council or does business with them:

  • Visa
  • MasterCard
  • Diners Club
  • American Express
  • Discover
  • Merchants
  • Third-party data processors
  • Member banks (for Visa and American Express)

Consequences for data breaches of PCI DSS

Penalties and fines for breaches:

  • Non-compliance fines up to $100,000 per incident when cardholder data is compromised
  • Non-compliance fines up to $25,000 per incident if cardholder data has not yet been compromised

Grid-Tools – delivering compliant, flexible and reusable data for financial firms and PCI DSS compliance

Your organization’s test data management initiatives are likely to focus on the generation or creation of compliant test or development data, and on the management of that data. Many financial organizations are looking to share and manipulate production-like data across their test and development teams in highly complex environments.

Due to recent regulatory initiatives globally, organizations are strongly discouraged or restricted from using “live” data in non-production environments. Likewise, in order to reduce complexity, reduce storage costs and increase productivity, many organizations are looking for alternatives to using and maintaining copies of large production databases in non-production environments.

Grid-Tools offers the flexibility to create data that models the referential and business integrity of production environments and/or to mask and de-identify production data, providing your organization with rich, relationally correct, compliant data sets. The result is less data but more variety. This offers a flexible solution and a strategic method, with the data becoming a reusable asset. Read more about our test data management solution, Datamaker™, here.

The creation of synthetic or masked data addresses the problems of editing, hacking and manipulating production data, reducing test and development cycles, reducing disk space and saving time and money. It also eliminates the need to manually ensure that your company’s financial records remain confidential.
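The two paragraphs above describe masking production data while keeping it relationally correct. The following is an added illustration of that idea, written for this page; it is not Grid-Tools or Datamaker code. It masks the cardholder data elements the page lists (PAN, name, expiry) with a keyed, deterministic mapping, so the same production PAN always becomes the same masked PAN and a transaction table that references cards by PAN still joins after masking. The issuer prefix is kept and the Luhn check digit recomputed so validation logic under test still accepts the values. The card and transaction records, the masking key and the field names are all constructed for the example.

```python
"""Deterministic masking of cardholder data for non-production use (added example)."""
import hashlib
import hmac


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def luhn_check_digit(payload: str) -> str:
    """Compute the check digit that makes payload + digit Luhn-valid."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:          # rightmost payload digit is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def _digest(key: bytes, label: str, value: str) -> str:
    # Keyed digest; the domain label keeps PAN and name pseudonyms independent.
    return hmac.new(key, f"{label}:{value}".encode(), hashlib.sha256).hexdigest()


def mask_pan(pan: str, key: bytes, keep_prefix: int = 6) -> str:
    """Replace the account digits of a PAN with key-derived digits.

    The issuer prefix (BIN) is kept so routing logic under test still works,
    the middle digits come from an HMAC of the original PAN, and the check
    digit is recomputed so the result still passes Luhn validation.
    """
    digits = pan.replace(" ", "")
    if not digits.isdigit() or not luhn_valid(digits):
        raise ValueError("input is not a well-formed PAN")
    n_middle = len(digits) - keep_prefix - 1
    # A 256-bit digest is at most 78 decimal digits; zero-pad so slicing is stable.
    stream = str(int(_digest(key, "pan", digits), 16)).zfill(78)
    payload = digits[:keep_prefix] + stream[:n_middle]
    return payload + luhn_check_digit(payload)


def mask_name(name: str, key: bytes) -> str:
    """Pseudonymous cardholder name, stable for the same input and key."""
    return "Cardholder-" + _digest(key, "name", name)[:8]


def mask_expiry(pan: str, key: bytes) -> str:
    """Plausible MM/YY derived from the PAN, so it no longer matches production."""
    h = int(_digest(key, "exp", pan)[:8], 16)
    return f"{1 + h % 12:02d}/{26 + h % 5:02d}"


def mask_tables(cards: list, transactions: list, key: bytes):
    """Mask a card table and a transaction table that references cards by PAN."""
    masked_cards = [
        {"pan": mask_pan(c["pan"], key),
         "name": mask_name(c["name"], key),
         "expiry": mask_expiry(c["pan"], key)}
        for c in cards
    ]
    masked_txns = [
        {"txn_id": t["txn_id"], "pan": mask_pan(t["pan"], key), "amount": t["amount"]}
        for t in transactions
    ]
    return masked_cards, masked_txns


def referential_integrity_ok(cards: list, transactions: list) -> bool:
    """True when every transaction's PAN exists in the card table."""
    known = {c["pan"] for c in cards}
    return all(t["pan"] in known for t in transactions)


# Constructed sample data: publicly known test-card numbers and fictitious names.
SAMPLE_CARDS = [
    {"pan": "4111111111111111", "name": "Alice Example", "expiry": "12/25"},
    {"pan": "5555555555554444", "name": "Bob Example", "expiry": "03/26"},
]
SAMPLE_TXNS = [
    {"txn_id": 1, "pan": "4111111111111111", "amount": "19.99"},
    {"txn_id": 2, "pan": "5555555555554444", "amount": "5.00"},
    {"txn_id": 3, "pan": "4111111111111111", "amount": "42.50"},
]
MASKING_KEY = b"constructed-demo-key"  # in practice: a managed secret, rotated per refresh

if __name__ == "__main__":
    cards, txns = mask_tables(SAMPLE_CARDS, SAMPLE_TXNS, MASKING_KEY)
    for row in cards + txns:
        print(row)
    print("referential integrity:", referential_integrity_ok(cards, txns))
```

Because the mapping is keyed rather than a plain hash, someone holding the masked data set cannot rebuild the original PANs by hashing candidate card numbers without the key; the key therefore belongs with production secrets, not in the test environment.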
