Achieving PCI Compliance in Complex Payment Networks
Today, all credit card merchants, service providers and retailers who process, store and transmit cardholder data have a fiduciary responsibility to protect that data and must comply with a diverse range of regulations and industry mandates. Payment networks are particularly at risk from computer attacks and fraud, and the more data collected, the more dangerous the situation becomes. Payment Card Industry (PCI) compliance is just one of the regulatory standards along with Sarbanes-Oxley, the Gramm-Leach-Bliley Act of 1999 and HIPAA. Not complying results in fines, legal exposure, or worse.
But this is easier said than done. Immense volumes of log data are traversing payment networks, necessitating more efficient ways of managing, storing and searching through log data. For example, a typical retailer generates hundreds of thousands of log messages per day amounting to many terabytes per year. An online merchant can generate upwards of 500,000 log messages every day. One of America's largest retailers has more than 60 terabytes of log data under management at any given time.
This whitepaper covers how PCI compliance not only protects businesses and merchants from cardholder fraud, but also satisfies a broader mandate for information protection and security.