What Is PCI DSS?
PCI DSS (Payment Card Industry Data Security Standard) is an industry standard created to prevent payment card fraud and create consistent security measures across all uses of payment card information. It is maintained by the PCI Security Standards Council—an open forum founded by the major credit card companies. Since PCI DSS is an industry standard, there are no government penalties for violations. But businesses that fail to comply may be restricted in their use of credit card services.
Why Luminet?
- Cross-platform monitoring and correlation
- Investigation Center and case management system designed for fraud analysts
- Robust analytics and reporting tools
- Visual replay of application screens (for host and web apps)
- Custom heuristics and rules
- 100% visibility into all user activity
PCI DSS Compliance Requirements
The standard lists 12 compliance requirements to be implemented by organizations that store, process, or transmit cardholder data. These include policies on:
- Maintaining a secure network.
- Protecting stored or transmitted cardholder data.
- Ensuring systems security.
- Limiting access to cardholder data.
- Monitoring and testing networks and systems.
PCI DSS Compliance and Fraud Prevention Challenges
One of the toughest fraud prevention challenges of PCI DSS comes from section 10.2.1, which requires organizations to “implement automated audit trails for all system components to reconstruct all individual user accesses to cardholder data.” In addition, section 10.2.2 requires that “all actions taken by any individual with root or administrative privileges” must be included in the audit trail.
These requirements are challenging for one key reason: most applications, both legacy and modern, lack a logging mechanism that provides a complete history of user access to cardholder data. In many cases, logs record only update actions, not user queries and other read-only actions. An audit trail of all individual user access must include read-only activity in order to be complete.
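The gap described above (logs that capture updates but not reads) is easiest to see in code. The following is an added illustration, not Luminet code and not the standard's own text: a hypothetical application-level audit trail in which every read and every update of a cardholder record passes through one recording hook, so that all accesses by one individual (10.2.1) and all actions by privileged users (10.2.2) can be reconstructed afterwards. Role names, record ids and the test PAN are constructed; the PAN is masked before it reaches the log so the audit trail itself does not become a second store of cardholder data.

```python
"""Hypothetical audit trail that records read-only as well as update access
to cardholder data (constructed example; not Luminet code)."""
from __future__ import annotations

import time
from typing import Optional

# Roles treated as "root or administrative privileges" in this example (assumption).
PRIVILEGED_ROLES = {"root", "admin", "dba"}


def mask_pan(pan: str) -> str:
    """Reduce a PAN to first six / last four digits so the audit log
    never holds the full card number."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if len(digits) < 10:
        raise ValueError("PAN too short to mask")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


class AuditTrail:
    """Append-only list of access events recording who, what, when and which
    cardholder record, for reads and writes alike."""

    def __init__(self) -> None:
        self._events: list[dict] = []

    def record(self, user: str, role: str, action: str, record_id: str,
               masked_pan: Optional[str], ts: Optional[float] = None) -> dict:
        event = {
            "ts": ts if ts is not None else time.time(),
            "user": user,
            "role": role,
            "privileged": role in PRIVILEGED_ROLES,
            "action": action,          # "insert", "read" or "update"
            "record_id": record_id,
            "pan": masked_pan,         # masked form only, never the full PAN
        }
        self._events.append(event)
        return event

    def accesses_by_user(self, user: str) -> list[dict]:
        """Reconstruct every access, read-only included, by one individual (10.2.1)."""
        return [e for e in self._events if e["user"] == user]

    def privileged_actions(self) -> list[dict]:
        """Every action taken by a root/administrative user (10.2.2)."""
        return [e for e in self._events if e["privileged"]]


class CardholderStore:
    """Toy repository of cardholder records; every read and update is audited."""

    def __init__(self, audit: AuditTrail) -> None:
        self._rows: dict[str, dict] = {}
        self._audit = audit

    def insert(self, user: str, role: str, record_id: str, pan: str, name: str) -> None:
        self._rows[record_id] = {"pan": pan, "name": name}
        self._audit.record(user, role, "insert", record_id, mask_pan(pan))

    def read(self, user: str, role: str, record_id: str) -> dict:
        row = self._rows[record_id]
        # The read itself is logged: this is the step most application logs omit.
        self._audit.record(user, role, "read", record_id, mask_pan(row["pan"]))
        return dict(row)

    def update(self, user: str, role: str, record_id: str, **changes: str) -> None:
        row = self._rows[record_id]
        row.update(changes)
        self._audit.record(user, role, "update", record_id, mask_pan(row["pan"]))


def demo() -> AuditTrail:
    """Constructed scenario: a batch job loads a record, an analyst only views it,
    an administrator edits it. Returns the resulting audit trail."""
    audit = AuditTrail()
    store = CardholderStore(audit)
    # Constructed test PAN, not a real card number.
    store.insert("batch", "service", "rec-1", "4111 1111 1111 1111", "J. Doe")
    store.read("alice", "analyst", "rec-1")
    store.update("bob", "admin", "rec-1", name="J. Q. Doe")
    return audit


if __name__ == "__main__":
    trail = demo()
    for event in trail.accesses_by_user("alice"):
        print("alice:", event["action"], event["record_id"], event["pan"])
    for event in trail.privileged_actions():
        print("privileged:", event["user"], event["action"], event["record_id"])
```

Running the script shows that Alice's read-only lookup appears in the trail with the same fields as Bob's administrative update; a logger that hooked only the update path would have no record of Alice at all, which is exactly the reconstruction gap 10.2.1 is concerned with.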
The Luminet Solution
Luminet fraud monitoring software records user activity in real time—screen by screen, keystroke by keystroke—creating an audit trail directly from the network. This audit trail includes both update and read-only actions for both regular and privileged users.
Luminet stores this information in a secure repository, from which you can conduct powerful full-text searches through current or recorded activity. These searches allow you to visually play back every screen and keystroke relevant to your audit.
Custom dashboards, graphs, and reports enable your internal auditors to see the big picture at a glance and zero in on activity that puts PCI DSS compliance at risk.