 "Best Practices To Help Banks In India Protect Cardholder Info")
In light of cyber attacks getting increasingly targeted against financial institutions and fraudulent card use becoming more frequent in India, the Reserve Bank of India, India’s central bank, has mandated that banks in India put in place additional factor of authentication for all card not present (CNP) transactions, and introduce security measures to safeguard their customers against cyber attacks and misuse of electronic payment systems.
By June 30, 2013, all banks in India are required to ensure that the terminals installed at the merchants for capturing card payment should be certified for PCI-DSS (Payment Card Industry – Data Security Standards) and PA-DSS (Payment Applications – Data Security Standards). They should also ensure that all existing IP-based infrastructure and solutions are PCI-DSS and PA-DSS certified.
In light of the new security measures and guidelines, Cyber-Ark recommends banks in India to step up their PCI DSS compliance through protecting cardholder information, and payment card and merchant data. This can be conducted by implementing and improving security policies and procedures, as well as implementing and integrating various information security technologies and tools, and adapting existing systems to use these platforms.
The implementation of Privileged Identity Management and Privileged Session Management solutions can help secure, manage and control access to privileged identities and sessions across a wide range of systems in the datacentre. By enforcing security policies for privileged account management, banks can minimise risks associated with uncontrolled access to systems that contain cardholder data, create accountability and visibility on usage of privileged credentials, and increase workforce productivity around managing and accessing these accounts.
Cyber-Ark’s key security features for PCI DSS compliance include:
Cyber-Ark’s product suites provide banks and financial institutions with end-to-end security and multiple layers of security and encryption
Cyber-Ark’s product suites meet all “Visa Best Practices” for Data Field Encryption
Cyber-Ark’s Privileged Identity Management (PIM) Suite provides automated management of privileged identities
Cyber-Ark’s Privileged Identity Management (PIM) Suite provides secure password management that flexibly adapts to any business process
Cyber-Ark’s Privileged Session Management Suite complements the PIM Suite and provides an efficient and unique control point for managing, securing and monitoring all privileged access and activity regarding the IT environment
Cyber-Ark’s Sensitive Information Management (SIM) Suite ensures that data at rest and in transit is secure. Cyber-Ark’s products offer strong audit and monitoring capabilities
- All of Cyber-Arks products offer “Dual control” and segregation of duty functionalities