PCI Encryption Software
Learn How EncryptRIGHT Can Help You Become PCI Compliant
The Payment Card Industry Data Security Standard (PCI DSS, or PCI) is intended to help you proactively protect customer account data. PCI is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
Prime Factors' newest software product, EncryptRIGHT®, was designed to help you achieve PCI compliance. EncryptRIGHT meets all the PCI encryption and key management requirements. It lets you secure cardholder data resting in databases, business applications and customer-facing applications. EncryptRIGHT supports the latest best practices for implementing enterprise-wide encryption and centralized key management. You can use EncryptRIGHT to encrypt individual data items such as names, salary amounts, account numbers, SSNs, PINs, image files and passwords, as well as grouped items such as credit card information and electronic funds transfer (EFT) records.
EncryptRIGHT lets you protect cryptographic keys used for encryption of cardholder data against both disclosure and misuse. With EncryptRIGHT, you can generate strong keys, securely protect them, and periodically change them. While PCI requires two or three people to reconstruct a whole key, you can configure EncryptRIGHT to require up to 10 key custodians with each knowing only their part.
Six of the 12 PCI security requirements address encryption and key management, and EncryptRIGHT helps you comply with all six of them. The 12 requirements are:
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
- Use and regularly update anti-virus software.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security.
The other requirements relate to policies, procedures and network architecture and should be addressed separately from your EncryptRIGHT security solution.
This document presents a requirement-by-requirement evaluation of how EncryptRIGHT meets PCI requirements.
Even though PCI compliance is no guarantee of 100% protection, the requirements provide a health check for any business that stores or transmits customer information. By adhering to the standard, you maintain customer trust and safeguard the reputation of your brand. Most importantly, you improve your chances of insulating your company from the financial losses and remediation costs associated with data loss or theft. In 2008, the cost per record breached was $202, according to the Ponemon Institute, and the cost of lost business was $139 per record.
For additional practical information about PCI DSS, see the PCI Security Standards Council website.