PCI-Compliant File Transfer
Ensure PCI-DSS Compliance with MOVEit Managed File Transfer
Your Challenge
The Long Way to PCI Compliance
If your business deals with credit card payments in any way, then PCI compliance is going to be a fact of life, and an essential part of running your business securely and efficiently. PCI compliance is a critically important step in protecting your customer’s or partner’s payment card data and an equally important step in protecting your business from the dire consequences of a data breach.
What is PCI DSS?
The Payment Card Industry (PCI) Data Security Standard (DSS) is the global data security standard adopted by all organizations that process, store or transmit cardholder data. It consists of twelve critical data security requirements, organized into six sections.
Who is PCI DSS for?
The Payment Card Industry (PCI) Data Security Standard (DSS) is intended for use by merchants, financial processors, point-of-sale vendors, and banks, credit unions and other financial institutions that transmit, process and/or store credit cardholder data.
Our Solution
MOVEit Enables PCI Compliance
MOVEit is a managed file transfer system designed for use with a multi-firewall network that separates a network into different trust zones. MOVEit helps tens of thousands of financial processors, banks and credit unions achieve and maintain PCI Compliance by addressing the four requirements that concern data transfer:
- Developing and maintaining secure applications and systems
- Protecting cardholder data at rest
- Controlling access to cardholder data
- Encrypting cardholder data in transit.
Maintain Network Security
MOVEit Transfer lives in the firewall-protected DMZ where it can be partially exposed to the Internet. MOVEit Automation, deployed on an internal trusted network, can establish connections to the MOVEit Transfer server through a firewall. This establishes a secure connection through which data can be passed to and from your internal network to the outside world. If you prefer not to have your files at rest in the DMZ, you can use MOVEit Gateway in the DMZ and deploy MOVEit Transfer on the trusted internal network.
Protect Cardholder Data in Transit and at Rest
MOVEit supports transfers using secure FTP over SSL/TLS (FTPS), secure FTP over SSH2 (SFTP and SCP2), as well as secure file transfers using HTTPS and the AS2 and AS3 protocols. When at rest, MOVEit uses our MOVEit Crypto cryptographic software to securely store data. MOVEit Crypto has been FIPS 140-2 validated by the US National Institute of Standards and Testing (NIST) and the Canadian Communications Security Establishment (CSE).
Implement Strong Access Control Measures
MOVEit allows users to be designated as belonging to specified role with each role having an appropriate level of privilege. MOVEit Transfer also allows for the specific assignment of folder permissions, protocol access restrictions, IP address restrictions and other limited rights. Passwords and keys are encrypted using secure SSL/TLS and SSH2.
Maintain a Vulnerability Management Program
MOVEit supports integration for external scanning of the files in transit to prevent infected files from being transferred. To maintain the security of all MOVEit products, Progress regularly posts security updates to the customer community.
Regularly Monitor and Test Networks
MOVEit audit logging capabilities are among the most comprehensive offered by any managed file transfer products. Access to MOVEit audit records is controlled so that users can only see events that relate to their organization and/or the groups, users, folders and transfer tasks under their control.
