The major credit card associations have collaborated to create a single set of worldwide requirements, called the Payment Card Industry (PCI) Data Security Standard (DSS), for consumer data protection across the entire industry. The PCI DSS aligns Visa's and MasterCard’s own data protection programs, streamlining requirements, compliance criteria, and validation processes. It addresses merchants' and acquirers' concerns of having to meet more than one set of standards to accomplish a single goal.
The PCI Data Security Standard defines a security framework with six areas of requirements that apply to all members, merchants, and service providers that store, process or transmit cardholder data. PCI DSS requires specifically that cardholder data and sensitive information needs to be encrypted when transmitted across public networks. The SSH Tectia platform helps in complying with this requirement by encrypting transmission of files, terminal connections, and application traffic over TCP/IP networks, eliminating the possibility to eavesdrop cardholder data in transit. PCI also requires practices for tracking and monitoring all access to network resources and cardholder data.
SSH's solutions allow for centralized tracking and monitoring of secured connections to network resources. Encrypted connections and secure file transfer operations can be later audited and tracked to specific users and actions. Auditing functionality helps in determining the cause in the case of a security violation. By deploying the SSH Tectia platform for secure file transfers and application connections, retail industry and banks can implement strong end-to-end transmission security in compliance with the credit card industry’s PCI standard.