The Payment Card Industry Data Security Standard (PCI DSS) is a security standard for protecting cardholder data and the systems that store, process or transmit it.
It was formed by merging five earlier security programs set up by the major card brands, all of which shared similar goals. The first version of PCI DSS was published in 2004 and adopted by the major card brands, and the requirements have been revised and updated several times since. Any organisation that stores, processes or transmits cardholder data for the major card brands must build and operate its network and server infrastructure in compliance with the PCI DSS requirements. Failure to comply can result in fines and in the organisation losing the ability to store and process card transaction data.
The standard's goals are ensuring the security of the infrastructure used for payment processing and preventing the misuse of cardholder data and other PII. Its requirements fall into six groups:
Covers the use of technologies such as firewalls, and requires that vendor-supplied default credentials and security parameters be changed on all network systems before they go into service.
Mandates the use of regularly updated anti-malware software, along with the development of secure applications and use of.
Dictates that measures be enacted to verify that network security processes are behaving as intended and that all access to network resources and cardholder data is tracked.
Entails that controls be put in place to protect stored cardholder data against compromise and that strong encryption be used for cardholder data in transit.
Involves restriction of access to cardholder data based on a need-to-know policy. In other words, cardholders shouldn't be required to provide.
Requires that an information security policy be followed by all personnel, along with audits and penalties for non-compliance.
Web-facing applications are a leading target of cyber-attacks because of the potential gains for those who stage them, and a breach that exposes cardholder data can inflict significant losses on the organisation concerned. The technologies that serve and deliver web-facing applications must therefore support the satisfaction of PCI DSS requirements. Load balancers accelerate and scale web applications and ensure their availability. Given their criticality to application deployments and their placement between clients and workload servers, customers expect load balancers to provide mechanisms that help them meet PCI DSS requirements.
Kemp's LoadMaster supports multi-cloud and hybrid cloud environments and can be deployed on many platform types, making it straightforward for customers to scale and optimise their application infrastructure. Integrated distributed denial of service (DDoS) mitigation, intrusion prevention/intrusion detection (IPS/IDS), pre-authentication of users and web application firewalling (WAF) help customers protect their deployments. Because the load balancer terminates client connections, including TLS-encrypted ones, it can inspect traffic in the clear that the back-end servers would otherwise only see encrypted, which makes it a natural placement for these services. Two caveats follow from this: the WAF and IPS/IDS can only inspect traffic that is actually decrypted at the load balancer, and cardholder data that is decrypted there must be re-encrypted on the connection to the workload servers if the data-in-transit requirement is to be met end to end. Kemp does not claim that LoadMaster alone makes an environment PCI DSS compliant; it helps customers meet specific requirements within a broader compliance program.