May 29, 2013
India, May 27th 2013 - In light of cyber attacks getting increasingly targeted against financial institutions and fraudulent card use becoming more frequent in India, the Reserve Bank of India, India’s central bank, has mandated that banks in India put in place additional factor of authentication for all card not present (CNP) transactions, and introduce security measures to safeguard their customers against cyber attacks and misuse of electronic payment systems.
By June 30, 2013, all banks in India are required to ensure that the terminals installed at the merchants for capturing card payment should be certified for PCI-DSS (Payment Card Industry – Data Security Standards) and PA-DSS (Payment Applications – Data Security Standards). They should also ensure that all existing IP-based infrastructure and solutions are PCI-DSS and PA-DSS certified.
In light of the new security measures and guidelines, Cyber-Ark recommends banks in India to step up their PCI DSS compliance through protecting cardholder information, and payment card and merchant data. This can be conducted by implementing and improving security policies and procedures, as well as implementing and integrating various information security technologies and tools, and adapting existing systems to use these platforms.
The implementation of Privileged Identity Management and Privileged Session Management solutions can help secure, manage and control access to privileged identities and sessions across a wide range of systems in the data centre. By enforcing security policies for privileged account management, banks can minimise risks associated with uncontrolled access to systems that contain cardholder data, create accountability and visibility on usage of privileged credentials, and increase workforce productivity around managing and accessing these accounts.
Cyber-Ark's key security features for PCI DSS compliance include:
- Cyber-Ark's product suites provide banks and financial institutions with end-to-end security and multiple layers of security and encryption
- Cyber-Ark's product suites meet all "Visa Best Practices" for Data Field Encryption
- Cyber-Ark’s Privileged Identity Management (PIM) Suite provides automated management of privileged identities
- Cyber-Ark’s Privileged Identity Management (PIM) Suite provides secure password management that flexibly adapts to any business process
- Cyber-Ark’s Privileged Session Management Suite complements the PIM Suite and provides an efficient and unique control point for managing, securing and monitoring all privileged access and activity regarding the IT environment
- Cyber-Ark’s Sensitive Information Management (SIM) Suite ensures that data at rest and in transit is secure. Cyber-Ark's products offer strong audit and monitoring capabilities
- All of Cyber-Arks's products offer "Dual control" and segregation of duty functionalities
Re-disseminated by The Asian Banker