
How SafenSoft TPSecure can help with PCI DSS Compliance


Banks that issue payment cards and interact with at least one of the payment systems, such as Visa, MasterCard, American Express, JCB and Discover, have to comply with the PCI DSS standards. Certification is held annually, and the bank is expected to meet 100% of the criteria.

Below are the business processes that must be certified under PCI DSS on a mandatory basis:

Compliance with the PCI DSS standards provides the bank with a range of opportunities: the bank receives a license for Internet acquiring, can connect its affiliate banks, and can use some other privileges of "club members". In contrast, non-compliance with the PCI DSS standards could lead to a prohibition on processing payments via international payment systems. Such banks might also be fined, and the size of their insurance deposit can be increased.

It is important that PCI DSS is not just a list of theoretical requirements that are formally performed for show. Best practices and approaches are studied globally and become the basis for optimal security standards.

The key tasks are:

The current version of the PCI DSS standards is version 3.2, published in April 2016. Part of the new standards from version 3.2 will come into force in 2018. For example, the use of insecure protocol versions (SSL and TLS 1.0) will be forbidden.

SoftControl TPSecure was designed in cooperation with the PCI Security Standards Council and is recommended as an efficient tool for bringing the company's information security system in line with the PCI DSS 3.2 standards in the part that covers network endpoints: ATM and workstation protection.

Benefits of the SafenSoft Approach

TPSecure, like the other SoftControl solutions, is based on proactive protection technologies aimed at preserving the integrity of the system configuration and preventing malicious code from getting into the system. The VIPO (Valid Inside Permitted Operations) technology has a unique and highly effective architecture that monitors and processes system activity for unexpected and/or unauthorized actions.

Beyond the specific compliance benefits, TPSecure also provides:

PCI DSS Compliance – How TPSecure meets the requirements

Build and Maintain a Secure Network

Requirement 1. Install and maintain a firewall configuration to protect cardholder data



TPSecure works with firewall solutions to ensure that the firewall application is in a known-good state and stays that way. Access by all other applications to the firewall application's data files and registry keys can be disabled. TPSecure ensures that the firewall solution and its settings are not cracked.

Requirement 2. Do not use vendor-supplied defaults for system passwords and other security parameters



TPSecure uses Active Directory synchronization to provide centralized control of security policies and administrative access protection.

Protect stored cardholder data

Requirement 3. Protect stored cardholder data



TPSecure provides protection of stored data, blocking unauthorized access to all sensitive files and folders.

Maintain a Vulnerability Management Program

Requirement 5. Protect all systems against malware and regularly update anti-virus software or programs



Although the standard talks about antivirus products, it is clear that the intention of this requirement is protection against malware in any shape or form. TPSecure not only meets this requirement but also protects the network from known and unknown threats. TPSecure is unique in that it provides proactive protection against any malware, including the growing threat of insider attacks. It ensures that malware and hackers cannot access or crack the way transaction-processing devices function. When deployed, TPSecure creates system profiles using as a base all installed applications or a predefined application set. It also includes the ability to use third-party information regarding legitimate applications during profile creation. TPSecure controls all attempts to launch applications. All new or changed applications can be blocked from launching if their checksums are not present in the system profile. Specific application activity rules may also be applied.
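
The checksum-based launch control described above, sketched as an added example; it is not TPSecure's code and does not come from SafenSoft. The function names, file names and file contents are constructed for illustration, and SHA-256 is an assumption, since the page does not name the checksum algorithm.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_profile(root, third_party=()):
    """Baseline = checksums of every installed file plus externally supplied known-good ones."""
    profile = {sha256_of(p) for p in Path(root).rglob("*") if p.is_file()}
    profile.update(third_party)
    return profile

def launch_decision(path, profile):
    """Decide by content, not by name or location; unreadable files fail closed."""
    try:
        digest = sha256_of(path)
    except OSError:
        return "block"
    return "allow" if digest in profile else "block"

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        apps = Path(tmp, "apps")
        apps.mkdir()
        client = apps / "atm_client.bin"
        client.write_bytes(b"constructed known-good build 1.0")
        vendor_update = b"constructed vendor update 1.1"  # known only via third-party list
        profile = build_profile(apps, {hashlib.sha256(vendor_update).hexdigest()})
        results = {"baseline": launch_decision(client, profile)}
        renamed = Path(tmp, "renamed.bin")
        renamed.write_bytes(client.read_bytes())
        results["renamed_copy"] = launch_decision(renamed, profile)
        client.write_bytes(b"constructed known-good build 1.0 + tampering")
        results["modified"] = launch_decision(client, profile)
        dropped = Path(tmp, "dropped.bin")
        dropped.write_bytes(b"constructed unknown file")
        results["new_file"] = launch_decision(dropped, profile)
        update = Path(tmp, "update.bin")
        update.write_bytes(vendor_update)
        results["third_party_listed"] = launch_decision(update, profile)
        results["missing"] = launch_decision(Path(tmp, "gone.bin"), profile)
        return results

if __name__ == "__main__":
    print(demo())
```

Because the decision is keyed on content, a renamed copy of an approved binary is still allowed while the original path is blocked once its bytes change; the profile itself must therefore be stored where the monitored applications cannot write to it.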

Requirement 6. Develop and maintain secure systems and applications



TPSecure prevents vulnerabilities from being exploited by using application consistency checks and by launching potentially vulnerable applications in a secure environment with limited privileges. This also means that patching no longer needs to be a real-time activity; all new OS or application patches can be fully tested before being applied, or avoided altogether, without introducing security risks. TPSecure preserves device integrity with minimal impact on maintenance tasks and maximum flexibility. The system can be locked down completely, or applications can be executed in a secure environment, or individual or group policies can be applied that enable applications to be used for predetermined purposes and/or in predetermined circumstances only.

Regularly Monitor and Test Networks

Requirement 10. Track and monitor all access to network resources and cardholder data



When a breach is attempted, along with blocking the unauthorized activity, TPSecure issues alerts with a description of where, when and what kind of violation has occurred. For every application or process, the entire activity history and shadow copies of the changed files can be created. Every breach can be traced back to its source.

Requirement 11. Regularly test security systems and processes



TPSecure generates alerts on the introduction of unauthorized code or unauthorized file access. The audit log provides easy and timely audit information about endpoint activities. Additionally, TPSecure can send endpoint heartbeats to the management console. If, for any reason, the TPSecure installation is stopped on a remote device, an alert is issued to the management console or to the administrator via e-mail.

Additionally, TPSecure makes penetration test attempts fail sooner by preventing malware intrusion and preserving the integrity of particular files and of the whole system.

Maintain an Information Security Policy

Requirement 12. Maintain a policy that addresses information security for all personnel



TPSecure contributes to the organization’s incident response plan by making incident alerts centrally available across the organization.

PCI DSS Requirements v3.2

SafenSoft, 2004-2021. All rights are reserved.