Bardon Data Systems Software Products and PCI Security Standards

Bardon Data Systems

The PCI Security Standards Council is an independent body formed to develop, enhance, disseminate and assist with the implementation of security standards for payment account security. Compliance is necessary for merchants, processors, and POS providers who process and transmit electronic payments. The PCI Security Standards Council was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International. The website for the PCI Security Standards Council is at https://www.pcisecuritystandards.org/tech/index.htm.

How Bardon's Software Products Address PCI Security Standards

Below are the PCI security standards that must be followed by all relevant businesses, and information on how Bardon Data Systems software products WinU, Full Control, and Full Control Internet can help companies address these requirements.

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

Firewall capabilities are included with all recent business versions of Windows. Bardon's software products are designed to integrate well with such offerings.

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Bardon's software products provide multiple layers of administrator-designatable password protection and can even password-protect individual programs, if desired. Bardon's software products can be set up to require a separate password to access the Windows interface, administration, and technical features beneath the POS application.

Protect Cardholder Data

Requirement 3: Protect stored cardholder data

Bardon's software products offer File Control, Window Control, Allowed Programs and other security components to protect data stored on the computer, as well as protecting data stored elsewhere that is merely accessed through that computer.

Requirement 4: Encrypt transmission of cardholder data across open, public networks

Bardon's software products protect against inappropriate access of data on the local computer, and are designed to be compatible with products that oversee the transmission of data across networks.

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software

Anti-virus products are broadly available from a number of well-established vendors. Bardon's software products are designed to be compatible with all major anti-virus offerings.

Requirement 6: Develop and maintain secure systems and applications

Bardon's software products can provide a solid security layer under any Windows application. They offer many layers of protection including File Control, Window Control, and Allowed Programs to protect data stored on the computer, as well as protecting data stored elsewhere that is merely accessed through that computer. They can limit access to certain users by many means.

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know

Bardon's software products restrict access to those with correct passwords, and by other means, as needed. They harden the operating system so that even systems with weak logon ID capabilities can address this requirement. After logon, they monitor all activity in real-time to track who is using what program, and create logs of system activity that can be set to a highly detailed level, down to tracking individual keystrokes for each user if desired.

Requirement 8: Assign a unique ID to each person with computer access

This is generally accomplished with a logon ID. Bardon's software products harden the operating system so that even systems with weak logon ID capabilities can address this requirement. After logon, they monitor all activity in real-time to track who is using what program.

Requirement 9: Restrict physical access to cardholder data

Bardon's software products restrict computer access to those with appropriate access credentials, even on operating systems that cannot do this inherently. It is also important to limit physical access, for example by keeping important disk drives and tape backups securely under lock and key.

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data

Bardon's software products can be configured to log all "allowed" access to cardholder data, and to forbid other access.

Requirement 11: Regularly test security systems and processes

By offering a solid and testable security layer, Bardon's software products can assist in this staff procedural requirement.

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security

Bardon's software products can be an integral component in addressing information security. Their comprehensive features can log and monitor all program usage, prevent unauthorized access, and lock down the system so only allowed processes can take place. Significant administrative tools allow administrators to oversee and monitor the usage of multiple systems.

Stringent PCI Requirements

The PCI Security Council is explicit about the standards necessary for payment account security. Though the anti-virus, firewall, and encryption requirements can be readily addressed through a variety of industry-standard offerings (free open-source products, options included with Windows, and other solutions), the remaining PCI requirements can prove to be problematic. Bardon's software products address the many parts of the PCI workstation security requirements that cannot be handled by these other offerings. They harden the Windows computer to a level equal to or exceeding the standards specified by the PCI Security Council.

Conclusion

The PCI security standards present unique challenges to system administrators who must incorporate them into a larger IT infrastructure. Bardon's products WinU, Full Control, and Full Control Internet provide practical tools to address PCI security requirements in your Windows computers.