White Papers for Federal Financial Institutions Examination Council (FFIEC)

PCI Data Security Standard

Imprivata

During the last ten years there has been an explosion in the use of Internet-based commerce, as well as a drastic increase in credit and debit card usage in the physical storefront. Despite the best efforts of organizations to protect customer data, consumer fraud and identity theft have hit new highs. According to the U.S. Department of Justice, the number of identity thefts and fraudulent credit card charges reached over four million in the U.S. in 2006. In response to this increased threat, governments around the world have been considering an array of new laws and regulations to systematically combat the problem.
In addition, the banking and credit card industry have spearheaded their own initiatives, including the newly revised Payment Card Industry (PCI) Data Security Standard (DSS). This standard was developed to provide all organizations that deal in credit card transactions with the best tools to combat growing security threats.
As is true anytime we tighten security and policy, there is the potential for a corresponding increase in user complexity and decrease in productivity. A key to success with any regulatory compliance effort is to accomplish measurable goals using policy and controls that are easy for the users to implement and accept. Better usability ensures acceptance and compliance, resulting in better security. Complex, arduous solutions are doomed to user rejection and ineffectiveness.
This paper will examine some of the requirements of the new standard and review identity and
access management technology that can help organizations comply with these regulations in an
efficient and cost-effective manner that is easy for users to embrace.

View the White Paper

Share or bookmarklet this web page at: