Do you know where your report data is? Security for your PCI reports

A typical credit union downloads its report bundles daily from its processors. Usually the only option is to store those highly sensitive PCI report bundles on a network drive, with some level of appropriate user access controls. The reports contain 16-digit card numbers, transaction-level details, and PII of credit union members. However, the network drive is not in a PCI-compliant environment. Does this sound familiar? More importantly, do you know where your processor reports are being stored?

More and more boards of directors and auditors are getting involved in this area of security and asking pertinent questions about how information is stored. Even if you do not believe that a data breach is a possibility (which is a false sense of security), this is still not the proper way to store and secure your reports.

There are several tools on the market that can solve this concern for you by extracting the reports, securely transmitting the data from the reports using FTPS, and storing the report data in a secure environment rather than on network drives. A side benefit of taking this action is that the report data is transformed into searchable data that can be used by analysis tools.

When deciding which tool to use, some of the factors to consider are:

  • Does the tool provide entitlement rights (access controls) to limit who can access which sets of data?

 
