+7 (495) 967-14-51 

 Contacts   Sitemap  
Language:  Russian English     Search: 
Main page  →  Solutions  →  Information security of banks  →  PCI DSS Certification
Information security of the commercial organizations
Information security of banks
Information security of banks
Software protection ATMs, payment terminals and self-service devices
PCI DSS Certification
Information security in the government and department organizations




How SafenSoft TPSecure can help with PCI DSS Compliance


Banks issuing payment cards and involved into interaction with at least one of the payment systems such as Visa, MasterCard, American Express, JCB and Discover have to be in compliance with the PCI DSS standards. Certification is held annually and it is expected that the bank has 100% matching criteria.

Below are the business-processes that must be certified by PCI DSS on mandatory basis:

  • Acquiring via POS-terminals or self-service devices.
  • Production and personalization of payment cards.
  • Payment gateway for e-commerce.
  • Merchant-managed Ś-commerce.

PCI DSS Standards compliance provides the bank with a range of opportunities: bank receives a license for Internet acquiring, it can connect its banks-affiliates and use some other privileges of "club members". In contrast, non-compliance with the PCI DSS standards could lead to the prohibition of processing payments via international payment systems. Also, such banks might be fined and the size of its insurance deposit can be increased.

It is important that PCI DSS is not just a list of theoretical requirements that are formally performed for show. The best practices and approaches are investigated globally to become the basement for optimal security standards.

The key tasks are:

  • To improve the security of cardholder data by reducing the number of potentially vulnerable business processes, applications, data repositories, workstations, ATMs, and network devices.
  • To reduce the costs on cardholder data security.

The current version of PCI DSS standards is version 3.2, published in April 2016. Part of the new standards from the version 3.2 will come into force in 2018. For example, the usage of insecure versions of protocols (SSL and TLS 1.0) will be forbidden.

SoftControl TPSecure was designed in cooperation with PCI Security Standards Council and is recommended as an efficient tool to adjust the information security system of the company to PCI DSS 3.2 standards in the part where network endpoints are mentioned: ATM and workstation protection.

Benefits of the SafenSoft Approach

TPSecure, as well as the other SoftControl solutions, is based on proactive protection technologies aimed to keep the integrity of the system configuration and neutralize for malicious code the possibility of falling into the system. The VIPO (Valid Inside Permitted Operations) technology has a unique and highly-effective architecture that monitors and processes the system activity for unexpected and/or unauthorized actions.

Beyond the specific compliance benefits, TPSecure also provides:

  • Proactive protection against unauthorized data access, file system or registry modifications and software changes, delivering entire system integrity. TPSecure maintains systems in a known-good state by controlling unauthorized launch attempts and all process activities in the system.
  • Integration with other security solutions - TPSecure is compatible with most popular corporate security solutions, including antimalware, encryption, and network traffic security, enabling the same policies to be enforced across all endpoints.
  • Background monitoring and logging of all system events - shadow mode provides continuous monitoring of devices using techniques which cannot be detected or tampered by the service personnel. All the data movement, including copying to removable media such as skimmers, is monitored and if it happens an alert is sent to the management console.
  • Granular control over access and use of external USB storage, CDs/DVDs, COM and LPT ports, autorun control and the ability to set exclusions by device type, name, vendor and ID. Protected devices are recognized and accepted, while all others are blocked.
  • Centralized management - TPSecure manages client settings, device and application activity rules and updates system profiles centrally/remotely, enabling policy changes to be applied on-the-fly.
  • Self-protection system - TPSecure processes cannot be stopped or killed, even with high-level administrative rights. Additionally, the client regularly sends heartbeat status reports to the management console.
  • Multiple delivery options - TPSecure can be delivered in various ways, providing flexible integration and deployment capabilities. These include: standard components and settings, custom components and settings based on customer requirements, binary libraries (SDK), or even source code.

PCI DSS Compliance Ė How TPSecure meets the requirements

Build and Maintain a Secure Network

Requirement 1. Install and maintain a firewall configuration to protect cardholder data


TPSecure works with firewall solutions to ensure that application is in a known-good state and keeping it stays that way. Access to firewall application data files and registry keys related to all other applications can be disabled. TPSecure ensures that the firewall solution/settings are not cracked.

Requirement 2. Do not use vendor-supplied defaults for system passwords and other security parameters


TPSecure uses Active Directory synchronization to provide centralized control of security policies and administrative access protection.

Protect stored cardholder data

Requirement 3. Protect stored cardholder data


TPSecure provides protection of stored data, blocking unauthorized access to all sensitive files and folders.

Maintain a Vulnerability Management Program

Requirement 5. Protect all systems against malware and regularly update anti-virus software of programs.


Although the standard talks about antivirus products, it is clear that the intention of this requirement refers to protection against malware ó in any shape or form. TPSecure is recommended not only meets this requirement, but also protects the network from known and unknown threats. TPSecure is unique in that it provides a proactive protection against any malware, including the growing threat of insider attacks. It ensures malware and hackers cannot access or crack the way transaction-processing devices function. When deployed, TPSecure creates system profiles using as a base all installed applications or a predefined application set. It also includes an ability to use third-party information regarding legitimate applications during the profile creation. TPSecure controls all attempts to launch applications. All new or changed applications can be blocked from launching if their checksums are not present in the system profile. Specific application activity rules may also be applied.

Requirement 6. Develop and maintain secure systems and applications


TPSecure prevents vulnerabilities from being exploited by using the application consistency checks and launching potentially vulnerable applications in a secure environment with limited privileges. This also means that patching no longer needs to be a real-time activity; all new OS or application patches can be fully tested before being applied, or avoided altogether, without introducing security risks. TPSecure preserves device integrity with minimal impact on maintenance tasks and maximum flexibility. The system can be locked down completely, or applications can be executed in a secure environment, or individual or group policies can be applied that enable applications be used for predetermined purposes and/or in predetermined circumstances only.

Regularly Monitor and Test Networks

Requirement 10. Track and monitor all access to network resources and cardholder data


When a breach is attempted, along with blocking unauthorized activity, TPSecure issues alerts with a description of where, when and what kind of violation has been occurred. For every application or process, the entire activity history and shadow copies of the changed files can be created. Every breach can be tracked back to its source.

Requirement 11. Regularly test security systems and processes


TPSecure generates alerts on the introduction of unauthorized code or unauthorized file access. The audit log provides easy and timely audit information about endpoint activities. Additionally, TPSecure can send endpoint heartbeats to the management console. If, for any reason, the TPSecure installation is stopped on a remote device, an alert is issued to the management console or to the administrator via e-mail.

Additionally, TPSecure provides acceleration the failure of the penetration tests, preventing malware invasion and keeping the system integrity, the integrity of the particular files and the whole system.

Maintain an Information Security Policy

Requirement 12. Maintain a policy that addresses information security for all personnel


TPSecure contributes to the organizationís incident response plan by making alerts on incidents centrally that is available from across the organization.

PCI DSS Requirements v3.2

Print this page


Computer security: Information security solutions | Host Intrusion Prevention System (HIPS) | Endpoint protection | The best virus protection | Whitelisting | Application Integrity Control | Comprehensive Malware Protection | Application protection | Windows Startup / Registry Protection | Online banking security | Online payment protection | Data leakage prevention (DLP) | Information security in medicine
2009-2021, SafeíNíSec Corporation. Privacy policy