A typical credit union downloads its report bundles, daily from its processors. Usually the only option is to store those highly sensitive PCI report bundles on a network drive, with some level of appropriate user access controls. The reports contain 16 digit card number, transaction-level details, and PII of credit union members. However, the network drive is not in a PCI compliant environment. Does this sound familiar? More importantly, do you know where your processor reports are being stored?
More and more Board of Directors and Auditors are getting involved in this area of security and asking pertinent questions regarding storage of information. Even if you do not believe that a data breach is a possibility (which is a false sense of security) this is still not the proper way to store and secure your reports.
There are several tools on the market which can solve this concern for you by extracting the reports, security transmitting the data from the reports using FTPS, and storing the report data in a secure environment, rather than on network drives. A side benefit of taking this action is to transform the report data into searchable data which can be used by analysis tools.
When deciding which tool to use, some of the factors to consider are:
- Does the tool provide entitlement rights (access controls) to limit who can access which sets of data?
continue reading »