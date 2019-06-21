App
you are here: HomeNewsTechnology
Last Updated : Jun 21, 2019 06:39 PM IST | Source: Moneycontrol.com

Gresham clears certification for handling cardholder data

The certification is designed to protect cardholder data from theft and applies to all entities that store, process or transmit cardholder data.

Moneycontrol News @moneycontrolcom

Gresham, a provider of real-time financial transaction control and enterprise data integrity solutions, announces that its Clareti Platform and associated software development processes has passed the world's highest safety standards for handling cardholder data.

The Attestation of Compliance to PCI DSS 3.2 is essential for the firm's retail banking clients aiming to protect their customers' data from malicious cyber and other attacks.

The certification is designed to protect cardholder data from theft and applies to all entities that store, process or transmit cardholder data. It comes with strict requirements for developers and manufacturers of applications that deal with this data. Updates to the PCI DSS 3.2 include additional requirements around the use of multi-factor authentication and migration deadlines for removal of Secure Sockets Layer (SSL) /early Transport Layer Security (TLS).

For certification, Gresham demonstrated it employs the required 300+ data protection processes and standards, as well as appropriate quarterly vulnerability assessments and scans.

Commenting on the accreditation, Neil Vernon, Chief Technology Officer at Gresham said, "We recognise card data as being different from other data and apply specific encryption and masking algorithms to ensure confidentiality. From time to time, data integrity issues between the merchant and acquirer may lead to a legitimate and valid need for someone involved in the investigation of an issue to see the entire card data. However, we enforce several measures to protect data integrity including: providing a precise and clear audit of when this happens; time-limiting access to single cards; and securing the audit in at least two separate, persistent stores to eliminate the risk of tampering. We are pleased our processes are being recognised for the PCI DSS certification."

First Published on Jun 21, 2019 06:39 pm

tags #BFSITech #fintech

