Enabling PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is an industry-wide framework and compliance requirement for any company that stores, processes or transmits credit card data. The standard was developed by the major credit card brands, Visa, MasterCard, Discover and American Express, to increase controls around cardholder data and reduce credit card fraud via its exposure.

Gazzang zNcrypt™ and Gazzang zTrustee can help organizations comply with three of the 12 PCI DSS requirements:

  • PCI DSS Requirement 3- Protect stored data
  • PCI DSS Requirement 4- Encrypt transmission of cardholder data across public networks
  • PCI DSS Requirement 7- Restrict access to data by business need-to-know

Gazzang zNcrypt uses industry-standard AES-256 encryption to secure cardholder data in centralized or massively distributed big data and cloud environments. Using zNcrypt, organizations can encrypt entire databases, individual tables or log files and tightly control access to the cryptographic keys. And because the encryption happens “on the fly,” as data is written to disk, the data is never exposed while at rest.

Our unique, process-based access controls protect sensitive cardholder data from unauthorized access. The cryptographic keys from Gazzang zNcrypt as well as those used in SSL transmissions, are managed with zTrustee. The universal, software-based key management solution features robust and configurable access control policies that meet PCI DSS requirements. Without access to keys, unauthorized users and applications have no way to decrypt cardholder data.