NordLayer - Network Security

PCI-DSS Compliance solutions

PCI-DSS compliance can be a technical and logistical challenge for individuals and organizations alike. Our solutions take the guesswork out of compliance and make it easy for you to become PCI compliant.


What does PCI-DSS stand for?

The Payment Card Industry Data Security Standard (PCI DSS) is an industry requirement for securing cardholder data worldwide. Established by the Payment Card Industry Security Standards Council (PCI SSC)—which consists of American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.—the PCI DSS must be followed by any organization that processes, stores, or transmits cardholder data for cards issued by these brands.


To whom does PCI-DSS apply?

The people, processes, and technology within your organization that interact with or are exposed to payment card information are subject to the PCI DSS. To ensure your organization is PCI compliant, you’ll need to adhere to the 12 requirements, including more than 300 security checks, within the PCI DSS.

REQUIREMENTS

PCI-DSS Controls & Requirements

To achieve PCI compliance, organizations need to follow 12 requirements laid out in the PCI DSS. These PCI compliance requirements fall under six overarching categories that provide an overview of the security controls necessary for PCI compliance.

Build and maintain a secure network and systems

  • Install and maintain a firewall configuration to protect payment card data
  • Do not use vendor-supplied defaults for system passwords and other security parameters

Maintain protection of cardholder data

  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks

Maintain a vulnerability management program

  • Use and regularly update anti-virus software or other threat detection and prevention programs
  • Develop and maintain secure systems and applications

Implement strong access control measures

  • Restrict access to cardholder data by business need-to-know
  • Assign a unique ID to each person with computer access
  • Restrict physical access to credit card data

Regularly monitor and test networks

  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes

Maintain an information security policy

  • Maintain a policy that addresses information security for all personnel

HOW WE HELP

How NordLayer helps get you PCI-DSS compliant

Build and maintain a secure network and systems

NordLayer’s adaptable security solutions can create a cloud infrastructure with secure access to your vital resources — suited to organizations of all sizes.

Network security

Improve your security architecture to protect your business against advanced threats and malware — our adaptable solutions are made for organizations of all sizes.

SSE

A multi-layered framework that brings together modern security capabilities such as Secure Web Gateway, Zero Trust Network Access, Cloud Access Security Broker and more.

Network segmentation

You can set user permissions to limit access to specific resources through network access control.

As a merchant, you have to know where the cardholder's data is going and how it will be stored.

Traffic encryption

Whenever customer data or other sensitive information is sent between networks, it may be exposed to a range of attacks. NordLayer encrypts this traffic with AES 256-bit encryption, an effective safeguard against security incidents and data breaches.

Your system should be tested against vulnerabilities that would allow the execution of malicious code.

Threat prevention

Stop threats before they reach your people and respond quickly when things go wrong. NordLayer automatically restricts untrusted websites and users, preventing potentially harmful malware or other cyber threats from infecting your device.

Jailbroken device detection

NordLayer detects devices that are vulnerable to attack and alerts admins immediately.

According to PCI DSS, every user should be assigned unique credentials for accessing critical systems.

Identity & Access Management (IAM)

Identity & Access Management ensures all remote users on the network have the correct verification level for using resources, secure data access, and additional information they need — nothing more.

Zero Trust Network Access (ZTNA)

ZTNA focuses on removing implicit trust from any user or device that attempts to gain entry to a company network, following a ‘trust none, verify all’ approach.

Network Access Control (NAC)

Implement a series of security solutions that expand visibility and access management via device and user policies to protect and connect all reaches of the corporate infrastructure.

Virtual Private gateways

Establish a safe tunnel to connect and transport encrypted data between devices, the cloud, and enterprise servers across the internet.

It’s always a good bet to assume that your company’s network is in someone’s sights.

Activity Monitoring & Visibility

Activity monitoring allows admins to react quickly if someone from the organization breaches company security requirements. It also collects helpful information for compliance audits.

Your cybersecurity policy should cover employees, management, and third-party responsibilities.

2FA

Adds a layer of protection by requiring multi-factor authentication to log in to NordLayer on your device.

Biometrics

An additional layer of security through face recognition and fingerprint scanning.

SSO

Single sign-on allows you to use one set of security credentials to access multiple cloud applications.

User provisioning

In addition to creating user identities in cloud apps, automatic provisioning also maintains and removes those identities as a user’s status or role changes.

Network segmentation

If a certain part of the network is compromised, segmentation ensures that attackers can’t move laterally to continue the harmful activity.

We Can Help with PCI-DSS Requirements

Contact the professionals at NordLayer for consultation on what solutions are best for your organization. We’ll help you determine what you need to do next to be in compliance with PCI-DSS.

OUR INSIGHTS

Achieve regulatory compliance with NordLayer

ADDITIONAL INFO

Frequently asked questions

To become PCI compliant, you first need to determine which self-assessment questionnaire (SAQ) applies to you. Depending on your SAQ, you will then need to implement the set of requirements and controls outlined in the PCI Data Security Standard.

SecurityMetrics assists small to large businesses in identifying and implementing their PCI requirements.

SAQ stands for self-assessment questionnaire. Depending on an organization’s card transaction volume and the types of transactions it performs, it may be able to use an SAQ to self-evaluate its compliance with the PCI Data Security Standard.

SAQs contain questions about card data security. SAQs range in size from 22 questions (SAQ A) to 329 questions (SAQ D).

There are five risks you face with PCI DSS non-compliance and policy violation:

  1. Monetary fines. Non-compliance can lead to fines from payment processors. Fines range from $10 per month to $1,000 per month or more.

  2. Forensic audits. An organization must provide its compliance documentation to a forensic examiner after a data breach. If the organization has no compliance documentation, the examiner is also required to assess the entity’s controls to determine its compliance status, in addition to the forensic examination of the breach itself.

  3. Payment brand restrictions. Payment brands can place restrictions on non-compliant merchants, up to and including denying them card processing. Brands may also terminate service entirely if an organization fails to achieve compliance.

  4. Brand reputation. A data breach significantly jeopardizes brand reputation and customer loyalty. Organizations will be subject to public scrutiny and may lose customers because of poor control over credit card information.

  5. Reactive compliance. Expanding into new technologies without considering compliance often requires re-engineering or new equipment to become compliant.

There are four PCI compliance levels, determined by the number of transactions the organization handles each year:

  • Level 1: Merchants that process over 6 million card transactions annually.
  • Level 2: Merchants that process 1 to 6 million transactions annually.
  • Level 3: Merchants that process 20,000 to 1 million transactions annually.
  • Level 4: Merchants that process fewer than 20,000 transactions annually.