PCI DSS Specification Requirements 3 & 4, Protecting Cardholder Data
PCI DSS Requirements 3 & 4 requires cardholder information to be protected at all times whether that information is on the move or at rest.
Stored sensitive personal data such as dates of birth, mothers' maiden names, Social Security numbers, phone numbers and home or delivery addresses must be made secure against theft or loss using strong data encryption.
Whenever cardholder data is transmitted, that data must be encrypted and whilst encryption is important in all forms of credit card transactions it is especially important in e-commerce transactions.
Requirement 3.4.1 states: If disk encryption is used then access must be managed independently of the native operating system. Decryption keys must not be associated with user accounts.
Requirement 4.1 states: Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks.
SafeTok authenticates users to Windows systems (Vista and Windows 7 only) and controls access to both, data secured by SafeTok Portable Storageand stored in the encrypted partition of a portable storage device (e.g. USB Stick, memory card, biometric SafeTok USB pen drive), and to data secured by SafeTok Secure Drives which is stored in a secure drive created on a local or network hard drive. This authentication is completely independent of the operating system and SafeTok automatically resizes the encrypted partition in real time.
SafeTok Send is our secure managed file transfer service which enables any SafeTok device to securely transmit encrypted files directly to the encrypted partition of any other SafeTok device anywhere in the world whether the owner of the device is online or not.
SafeTok Send enables auto restore if the file transfer process is interrupted and provides complete maintenance of even the most complex file and folder structure.
File transfer size is, to all intents and purposes, independent of the remaining storage space of the receiving SafeTok device as SafeTok Send can “overflow” the encrypted data onto a local or even a network drive.
SafeTok SafeShred provides automated file shredding of either individual deleted file components of encrypted files and folders or entire folder structures ensuring that the deleted data is safe from utilities which offer an undelete facility.
SafeTok Remote Deactivation is provided to disable access to encrypted data stored on either portable devices such as USB pen drives or desktop or laptop machines which are either lost or stolen or to comply with both Data Protection Act and/or WEEE directives when they reach their end-of-life or are being disposed of.
SafeTok Backup will then restore the contents of a lost or stolen drive only to the user who can authenticate themselves correctly to the backup system via their fingerprint.
All Cryptographic keys, fingerprint data, user information and preferences are stored locally in a hidden, encrypted partition, separate from both the public and private partitions, on the users SafeTok drive and are not shared.
SafeTok provides an automatically updated, modular and integrated solution to all of the requirements in PCI DSS Specification Requirement 3.4.1, 3.5, 3.5.1, 3.5.2, 4.1 and 6.1
Compliance with PCI DSS is typically achieved using existing equipment and software and with little or no impact on network infrastructure nor does SafeTok require any particular network management skills.
Costs are negligible, pay back is quick, deployment and therefore compliance is speedily achieved with auditable ongoing security awareness training and up-to-date threat alerts delivered directly to the end user, at log on, via SafeTok InfoShow which is built into SafeToks multi media enabled user interface.