Bill payment and collections specialist allpay.net has deployed a real-time analytics tool to fulful its compliance obligations under the Payment Card Industry Data Security Standard (PCI DSS) for storing and accessing customers’ credit card data.
It is working with network security specialist IDsec to deploy the enVision tool from RSA to enable it to automatically monitor employees' access to network resources and cardholder data and so safeguard cardholder information.
allpay.net hosts more than 30 million financial transactions per year for over 750 public and private sector clients in the UK, resulting in vast amounts of confidential data being stored.
In order to comply with PCI DSS, allpay.net said investing in technology to help improve security and ease auditing concerns over the long term was crucial.
Ian Gough, systems technician at allpay.net, said the firm selected RSA enVision because was easy to integrate into the current IT infrastructure and allowed the firm to capture all the data needed to promote PCI compliance.
“We now know exactly who has accessed customer data, while ensuring that an accurate audit trail is captured and saved,” said Gough.
By using RSA enVision, allpay.net expects to be able to collect, correlate and analyse security and compliance information across the organisation, and track and monitor access to network resources and cardholder data.
It should also be able to manually create reports on the appliance and then automate this process to repeat on a weekly or monthly basis. This built-in reporting process is designed to enable IT managers to respond to business objectives rather than audits.
allpay.net already uses RSA's SecurID tokens for two-factor authentication across their mobile workforce.