A typical credit union downloads its report bundles, daily from its processors. Usually the only option is to store those highly sensitive PCI report bundles on a network drive, with some level of appropriate user access controls. The reports contain 16 digit card number, transaction-level details, and PII of credit union members. However, the network drive is not in a PCI compliant environment. Does this sound familiar? More importantly, do you know where your processor reports are being stored?
More and more Board of Directors and Auditors are getting involved in this area of security and asking pertinent questions regarding storage of information. Even if you do not believe that a data breach is a possibility (which is a false sense of security) this is still not the proper way to store and secure your reports.
There are several tools on the market which can solve this concern for you by extracting the reports, securely transmitting the data from the reports using FTPS, and storing the report data in a secure environment, rather than on network drives. A side benefit of taking this action is to transform the report data into searchable data which can be used by analysis tools.
When deciding which tool to use, some of the factors to consider are:
- Does the tool provide entitlement rights (access controls) to limit who can access which sets of data?
- Is the data stored 100% encrypted or Tokenized so that at a breach of the data without the keys would yield useless bytes of data?
- Does the environment where the data is stored ensure PCI compliant certification? Is the compliance a one-time event, or is the compliance on-going, for all future data extract/transform/loads, including for additional reports that may come along down the road?
If securing your report data is on your list of priorities, ask us about IronSafe. Our data analytics experts at Trellance will be happy to share the capabilities of this data analytics software with you. Contact us and get the power to use rich data to guide your business decisions.