The Payment Card Industry Data Security Standard, PCI-DSS, is a security standard for businesses.  It mandates compliance for any merchants who store, process or transmit credit card data, including cardholder information.  It is supported by all major card brands and exists to reduce credit card fraud by ensuring organizations use secure IT systems and follow good business practices while handling credit card data.

Adherence to PCI-DSS standards is mandatory for organizations wishing to process any of the major payment card brands, requiring an annual compliance assessment by either an external PCI Qualified Security Assessor (QSA) or by self-assessment, depending either on the volume of transactions handled or the requirements of the merchant’s bank.

And, as all retailers know, compliance with PCI-DSS is vital.  Failure to achieve formal compliance, or a card data breach, can result in substantial fines and ultimately the suspension of the merchant’s license.

On top of the obvious reputational damage, this would inevitably lead to the enforcement of additional security measures and a requirement for forensic audits, all of which incurs significant cost to the business.

Enhanced PCI-DSS Compliance with Zynstra

With Zynstra edge IT, retailers can use powerful edge security and keep current features to deploy their own compliant solutions.

The Zynstra PCI-DSS product option adds a number of features to the standard product offering. Highlights include:

• Implementation of policy and procedures to ensure that the Zynstra Support Team operates as a PCI-DSS Tier 1 Service Provider
• Heightened security event and log auditing by the Zynstra Support Team
• Provision of dedicated Cloud Management Platform resources
• Hardened security features enabled in the Cloud Management Platform and on Edge servers
• Enforcement of compliant intrusion prevention measures such as password policy, failed-logon blocking, and port blocking.

How IT Works

Benefits

The resources and services provided by Zynstra cover just one element of the environment in which PCI-DSS compliance will be assessed. The configuration of other devices on the network, the payment terminals used, physical security, staff training, business processes, procedures and policies must all also be considered.

Nonetheless, the IT services supported by Zynstra – including file storage, user security credentials, network protection and secure VMs for hosting applications – are critical systems for any retail or hospitality business. Proper use of Zynstra within a PCI-DSS compliant environment can result in reduced cost and effort to meet compliance requirements and simplified compliance auditing:

• Zynstra offers enhanced PCI-DSS support to merchants who want to significantly reduce the cost and effort of achieving compliance across in-store IT systems. This add-on product option delivers enhanced security policies and additional support processes, backed by a PCI-DSS Matrix of Responsibility (MoR) and Attestation of Compliance (AoC)
• The unique Zynstra keep current service ensures server operating systems and security software is automatically patched and updated as mandated by PCI-DSS
• A next-generation firewall option and internet gateway software deployed on each server helps to meet penetration resistance scanning requirements
• Zynstra underpins a consistency of server, security and software architecture across all retail stores, which reduces compliance auditing effort and complexity.