GFI

 Find out what our customers say about the GFI PCI Suite!
"I would say the greatest benefit we’ve had using GFI EventsManager is that it has helped Quipu to solve PCI DSS compliance issues."
Mark-Oliver Horst,
Quipu Processing
Credit cards are widespread and their use for online payments is increasing dramatically. However, this increase has also brought about a growth in credit card fraud. In March 2007, TJX Companies Inc. disclosed that at least 45.6 million credit and debit card numbers were stolen by hackers who broke into its network. In a bid to tighten up security and prevent breaches similar to the one experienced by TJX, all businesses handling credit/debit card data now need to comply with strict security standards drawn up by the world’s major credit card companies, including VISA and MasterCard. These requirements are known as the Payment Card Industry Data Security Standard (PCI DSS), and to date they govern all payment channels, including retail, mail orders, telephone orders and e-commerce.

The Payment Card Industry Data Security Standard and GFI Software
Since companies are constantly at risk of losing sensitive cardholder data, which could result in fines, legal action and bad publicity, achieving compliance with the PCI DSS should be high on the agenda of companies that store, transmit or process credit card data. Furthermore, PCI DSS compliance needs to be achieved by December 2007, the deadline set by the credit card companies. Organizations that fail to comply face fines of up to $500,000 if the data is lost or stolen, and risk not being allowed to handle cardholder data.

GFI PCI Suite
GFI Software offers organizations that need to become PCI DSS compliant one holistic solution: the GFI PCI Suite. The GFI PCI Suite combines two award-winning solutions:

  • GFI EventsManager, a complete event log management solution and
  • GFI LANguard Network Security Scanner (N.S.S.), a complete network vulnerability management solution that includes vulnerability scanning, patch management and network auditing.


What is the Payment Card Industry Data Security Standard (PCI DSS)?

The PCI DSS framework is divided into 12 security requirements, which can be grouped into three main areas:
  1. Collection and storage of all log data so that it is available for analysis
  2. Reporting on all activity so as to be able to prove compliance on the spot
  3. Monitoring and alerting whereby administrators can constantly monitor access and usage of data and be warned of problems immediately.

As of December 31, 2007, all businesses handling cardholder data, irrespective of size, have to be compliant with strict security standards drawn up by the world’s major credit card companies. This includes:

  • Banks and financial institutions
  • Educational institutions
  • Healthcare
  • Hotels and restaurants
  • Government
  • Insurance companies
  • Manufacturing
  • Retail
  • Post offices
  • Technology companies
  • And many more!

 
© 2008. All rights reserved. GFI Software