PCI DSS Causing Backup Nightmares for Merchants

PCI DSS (Payment Card Industry Data Security Standard) is currently taxing the minds of merchants up and down the land. PCI DSS is a standard recently introduced by the card suppliers to protect end-user customers.

Its requirements are far-reaching. Here is what your business must do:

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

Requirement 3: Protect stored cardholder data

Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software

Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know

Requirement 8: Assign a unique ID to each person with computer access

Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data

Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security

Could you be Breaking Compliance?

Here is the major conflict companies currently face. A robust offsite backup routine requires data to be stored in a location geographically separate from the source data. This is no different for a PCI DSS compliant business.

Business Example

You run a business that carries out many card transactions daily with all the major card suppliers, such as Mastercard and VISA. You are already aware of PCI DSS and have invested heavily in your network security, establishing a strong firewall to protect your customer data. You have also taken steps to meet the other requirements.

Current Backups

Your legacy backup solution involves taking a daily copy of all data onto a tape or disk. Neither the tape nor the disk is encrypted, so PCI DSS says you should not even make the copy, let alone take it offsite.

Warning: The minute this tape or disk is taken offsite you have broken PCI DSS compliance.

How Online Backup Can Help

A secure online backup service will make your business completely PCI DSS compliant. Your nightly backups are transmitted using strong encryption and held offsite in a secure data centre in encrypted form. At no stage can anyone access your raw data. When a restore is required, you use a simple GUI to highlight the files that have been lost, and the files are transmitted back to your network, still fully encrypted. Only when the backup data is within your firewalled network is the encryption unravelled.
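What the encrypted offsite copy looks like in practice, as an added illustration that is not Backup Technology's software: the backup image is sealed with AES-256-GCM under a key that stays on the merchant's side, so the copy sent to the data centre is ciphertext, and a copy altered in storage or in transit fails to restore. The key value, the key-store handling and the sample cardholder record are constructed assumptions for the example.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// OnPremKey stands in for the 256-bit backup key that never leaves the
// merchant's network (constructed here; real keys live in an on-premises key store).
var OnPremKey = bytes.Repeat([]byte{0x42}, 32)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealBackup encrypts a backup image with AES-256-GCM before it leaves the
// network. Output layout: 12-byte random nonce || ciphertext || 16-byte tag.
func SealBackup(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// OpenBackup runs only inside the firewalled network on restore; GCM's tag
// check rejects any offsite copy altered in storage or in transit.
func OpenBackup(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("unusable key or truncated sealed backup")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

func main() {
	record := []byte("PAN=4111111111111111;EXP=12/29") // constructed sample record
	sealed, _ := SealBackup(OnPremKey, record)
	fmt.Println("cardholder data visible offsite:", bytes.Contains(sealed, record))
}
```

The check in main is the one worth running on whatever actually ships offsite: the cardholder record must not be findable in the sealed copy.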

Backup Technology already protects many major retailers, such as LK Bennett, as part of our PCI DSS compliant online backup service. Please visit www.backup-technology.com for more information.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR
