Datex helped this company solve its PCI-DSS 3.2 compliance audit issues, including reducing the audit scope by 95% without any code changes, application development or other resource-intensive tasks, and added Two Factor Authentication (2FA) for all internal users accessing the Cardholder Data Environment (CDE) or other critical systems.
How did we do it? Any organization that ‘stores, processes or transmits’ payment card information is required to undergo an annual PCI-DSS 3.2 compliance audit.
A PCI-DSS 3.2 audit comprises 12 high-level requirements, which contain 240 lower-level requirements, which in turn call for over 400 testing procedures. Almost immediately after commencing the audit, our customer realized that PCI-DSS 3.2 differed significantly from prior PCI-DSS audits and that they would not be able to remediate the issues in the required timeframe. They called Datex to help them solve this problem.
By placing DataStealth in front of their network, payment card information was removed entirely from their data and documents BEFORE it entered their network. Because the network no longer held any payment card information anywhere, the entire network was deemed out of scope for the PCI-DSS 3.2 audit. As a result, the scope of their annual audit was reduced by 95%.
There was also a new requirement in PCI-DSS 3.2 they needed to consider: Two Factor Authentication (2FA) for any internal users accessing their Cardholder Data Environment (CDE) or other critical systems. DataStealth can inject a 2FA challenge directly into the workflow, without any code changes, development or other resource-intensive tasks. As an added bonus, we also added 2FA, using Google Authentication, for all end-user clients accessing their application, giving their end users a more secure experience.
Find out how we can help you with your PCI-DSS 3.2 challenges.