PCI DSS compliance via identity and access management

• Version française

This white paper describes how an integrated identity and access management (IAM) solution can help you comply with many areas of the Payment Card Industry Data Security Standard (PCI DSS).

With the rise of electronic commerce, there is a growing public awareness of the dangers of theft of confidential payment card information. PCI DSS is designed to ensure that merchants fulfill detailed security requirements to protect payment card data.

But while the goals of the standard are very legitimate, many organizations have encountered difficulties and delays in implementing PCI DSS.

• Can you restrict access to card data to employees whose jobs require it?
• Even then, can you really identify users of an authorized account?
• How do you review access logs for all card-handling applications?
• Do you track default accounts in all resources that handle card data

As part of a larger PCI DSS compliance drive, IAM can ensure that your decisions are enforced. And you can demonstrate to auditors that risks related to payment card data are under control.