Personal Cardholder Information Data Security Standard (PCI-DSS V3)
The INETCO Insight solution has been designed to meet PCI-DSS requirements 3.2, 3.3, 3.4, 4.1, 6.3, and 6.5 concerning storage, display, and handling of sensitive cardholder information. This means that information including Track 1, Track 2, PANs, CVVs, and encrypted PIN blocks is discarded, truncated, or subjected to a one-way hash as appropriate in the operation of the INETCO Insight system.
As a result, sensitive information is never stored by INETCO Insight nor displayed to users of the product in normal operation.
- The INETCO Insight Event Collector component, which monitors network traffic and passes it onto the INETCO Insight Event Processor over an SSL encrypted data link does not store data. For further security, the INETCO Insight Event Collector and INETCO Insight Event Processor may reside on the same physical machine if so desired.
- The INETCO Insight Event Processor component generates a one-way hash of the PAN to use for transaction correlation. It then truncates the PAN by inserting “*” characters prior to storage or display, leaving behind the first 6 and the last 4 characters of the PAN. The original PAN is then discarded.
- The INETCO Insight Event Processor also discards any other sensitive information.
- Special memory management capabilities are used to ensure sensitive information is never swapped to disk.
- Users access the INETCO Insight solution over a web link. This link, like the Event Collector to Event Processor link, is encrypted via SSL.
The INETCO Insight solution does offer a diagnostics logging mode that allows INETCO support engineers to work with systems administrators to fine-tune transaction decoding capabilities during the early phases of a rollout. This feature is turned off by default. Activating it causes INETCO Insight to generate a log of transactions it did not decode properly. This log is kept for 7 days before deletion and may contain sensitive cardholder information. INETCO recommends administrators only use diagnostics logging when absolutely necessary and take appropriate measures to protect and/or destroy the contents of the log file. Customers can also activate file encryption on the INETCO Insight server to protect against access to this log.
If you have any questions regarding INETCO Insight and your security requirements please contact us.
“INETCO Insight's real-time monitoring and threshold alerting capabilities provide our network operations and ATM support teams the ability to proactively isolate the failure point, prior to any customer service disruptions.”
Doug Epp, General Manager