How Do I Redact My PCI Data?
Traditionally, redacting your PCI information meant using a black marker to obscure the confidential information on a document and then scanning the redacted document into your system, but in nowadays with communication almost entirely digital that is just not feasible anymore. Take this example, for instance, one that I've come across on numerous occasions:
As a CISO you’ve spent months going through all of the pain and processes around enhancing the protection of your card payment systems to ensure PCI compliance requirements, but then one of your employees receives and responds to a customer email containing PCI data. This one innocent email could jeopardise your entire compliance efforts and create a very real and sizeable legal problem for your organization, possibly ending up in hefty fines.
This is something which can be taken care of and managed by your team quickly and accurately. It is called digital redaction; organizations can now embed modular solutions into their current network, allowing them to automate their efforts to scan and automatically redact sensitive information on all digital documentation and communications across your network, meaning you can protect your PCI data before it ever even reaches a user.
What does Redaction Software do?
Redaction tools such as the ones found in our data loss prevention software (SmarterDLP) automatically discovers and redacts (censors and obscures the critical information making it unable to read) PII, PCI, and other vital information in digital documents and communications (both on-the-move and static legacy data) across your entire network. Our data redaction tool works on all of the most commonly used data types and can be implemented by any organization, whether it be in the public or private sector, it could be a FTSE 100 company or even a newly created startup SME. If the software can access your network, then it can see the information, it can redact the information, and it can help to prevent data leakage, adding towards your goal of PCI compliance.
Want to know more about how our SmarterDLP works?... Watch this short explainer video!
So what's the issue?
What can at times appear like a harmless situation, such as a customer sending in their credit card details to accelerate an order, and your sales rep responding to acknowledge, may be placing your business in direct violation of PCI DSS requirements. But How? This is down to your employee, and therefore, your business could have breached PCI rules around the protection, storage and transmission of cardholder data. This unfortunate and unknowing violation is down to the creation of a digital footprint that can multiply throughout your unregulated network and your most commonly used systems such as your email system. The problem is then further amplified when, as per usual your system takes a regular backup, regularly made by organizations to help in a disaster recovery scenario. The SmarterDLPTM
Who can protect my PCI data and offer automated redaction?
Organizations can now secure PCI data and efficiently redact it with the Neocol SmarterDLP solution. Our modular solution is usually installed within a few hours and works quietly in the background with no disruption to your day-to-day systems. The software helps you tackle all of the difficulties around remaining PCI compliant by automating the discovery, scanning, redaction, tokenization, and encryption of any and all sensitive and business critical information. Our SmarterDLP redaction tool offers CISO’s and data security teams the granularity needed to effectively police and protect organizations from data theft, data leakage, and non-compliance, and what's more; it is all controlled from one easy to use dashboard.
To find out more about PCI Data Redaction and further security for your business, contact one of our security specialists today. Alternatively you can Register for a Free Data Risk Assesment, just click here, register your information and we'll be in touch.