INETCO & the Personal Cardholder Information Data Security Standard (PCI-DSS)

The INETCO Insight® transaction-centric application performance monitoring solution has been designed to meet PCI-DSS requirements 3.2, 3.3, 3.4, and 4.1 concerning storage and display of sensitive cardholder information. This means that, in the normal operation of the INETCO Insight system, Track 1 and 2 information is either discarded or, where appropriate, masked.

The INETCO Insight Event Collector component, which monitors network traffic and passes it on to the INETCO Insight Event Processor over an SSL-encrypted data link, does not store data. For further security, the INETCO Insight Event Collector and INETCO Insight Event Processor may reside on the same physical machine if so desired.

The INETCO Insight Event Processor decodes the data elements and, within the same module, discards or masks security-related information such as the PIN and PAN. No logging is done and no display capability is provided until this deletion and masking is complete.

Users access the INETCO Insight application performance monitoring solution over a web link. This link, like the Event Collector to Event Processor link, is encrypted via SSL.

The INETCO Insight application performance monitoring solution does offer a diagnostics logging mode that allows INETCO support engineers to work with systems administrators to fine-tune transaction decoding capabilities during the early phases of a roll-out. This feature is turned off by default. Activating it causes Insight to generate a log of transactions it did not decode properly, which is kept for 7 days before deletion. This log may contain sensitive cardholder information. INETCO recommends that administrators use diagnostics logging only when absolutely necessary and take appropriate measures to protect and/or destroy the contents of the log file.
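One way an administrator could check whether a diagnostics log holds unmasked cardholder data before deciding how to protect or destroy it. This is an added example, not INETCO code: the log line layout, `SAMPLE_LOG`, and the function names are constructed for illustration, since the page does not show Insight's log format. Findings are reported in first-six/last-four masked form so the report does not itself expose the PAN.

```python
import re

# Candidate PAN: 13-19 digits, optionally split by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Track 2 layout (ISO/IEC 7813): ';' PAN '=' expiry, service code, data '?'.
TRACK2_RE = re.compile(r";(\d{13,19})=\d{4,}[^?\s]*\?")

def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep at most the first six and last four digits."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def scan(lines):
    """Return (line_number, kind, masked_value) for each suspected exposure."""
    findings = []
    for n, line in enumerate(lines, 1):
        track_spans = []
        for m in TRACK2_RE.finditer(line):
            findings.append((n, "track2", mask(m.group(1))))
            track_spans.append(m.span())
        for m in PAN_RE.finditer(line):
            if any(s <= m.start() < e for s, e in track_spans):
                continue        # already reported as part of track data
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):  # Luhn filter drops most non-card numbers
                findings.append((n, "pan", mask(digits)))
    return findings

# Constructed sample lines; 4111111111111111 is a well-known test card number.
SAMPLE_LOG = [
    "2024-01-05 10:00:01 decode-fail field=2 value=4111111111111111",
    "2024-01-05 10:00:02 decode-fail field=35 value=;4111111111111111=25121010000000000000?",
    "2024-01-05 10:00:03 decode-ok field=2 value=411111******1111",
    "2024-01-05 10:00:04 decode-fail ref=1234567890123456",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A clean result only means no Luhn-valid PAN or Track 2 pattern was found in plain text; it does not cover encoded or binary payloads.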

If you have any questions regarding INETCO Insight and your security requirements, please contact us.

“INETCO Insight has enabled us to guarantee 99.6% service availability, in which 95% of transactions must be responded to in two seconds...”

Richard Kumpis, President