Protection of cardholder information has become a vital function and any organization dealing with sensitive data of this type is aware of the importance of form strategies being in place to demonstrate compliance.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment.
The Payment Card Industry (PCI) has developed a set of Data Security Standards to ensure compliance.
- One of the key requirements is to protect stored cardholder data.
- The recommended best practice to remove cardholder data that is not required to be held, wherever possible.
- A typical example of this is the customers card number on a direct debit mandate form. This can be removed once the debit is set-up.
Does PCI DSS apply to you?
If you store, process or transmit any cardholder data electronically or manually, then your business needs to comply.
This includes CVC2/CCV/CID, PIN, Card number data where it is no longer needed.This also applies to cards that have expired, or are due to expire. Typically old image archive systems do not take account of this and store the whole side of paper as a “photograph”.
Automation – Our solution runs automatically, in the background. Precious user time is not required to review files or keep the system running.
Zero Downtime – The images can still be accessed while the compliance engine works on the dataset. Users will not be affected and customer service levels can be maintained.
Extendable -The system is programmed with a set of common rules, ready for running. We can tune the system for special requirements or for other data or documents.
Our PCI Compliance Solution enables customers to automatically redact all credit card information from documents, without destroying the rest of the document.
The system is sold as a single box solution. There is no limitation on the number of documents that can be processed, although of course processing documents takes time. Typically the solution is used on existing archives of information, but it can also be used as part of a live scanning operation. Once documents are redacted, the redaction cannot be undone. This is important for compliance reasons. If necessary, our solution can also produce encrypted versions of original source documents.
- Images either in one of the IBM ECM products (Filenet, Image Services or Content Services) or accessible via file system or another ECM API.
- Images in either TIFF or PDF format (formats expandable upon request).
- Credit Card numbers identifiable by regular expression type locators, or by location on-image.
- Form types identifiable from textual or logo elements.
- A Microsoft Windows client machine (running Microsoft Windows 7 + | Microsoft Windows Server 2008 +) with the ability to access the files, and to write new versions and audit information.