Connect Srl

CARDHOLDER PCI DSS

Close up of credit cards over grey background

CLIENT DESCRIPTION

image001DVR Italia born as a spin-off of an important enterprise of call and contact center that works in technology services area with the aim of develop the know-how and to make it available on market.

The huge experience ripened in database management, in CRM culture and in management of “one to one” relationship allowed to DVR of realizing products and services completes and powerful, joined to an extraordinary ease to use.

A NEW DATACENTER  PCI DSS CERTIFIED

The aim of customer was the building, in a datacenter in Milan, of an IT security and network infrastructure able to respect the PCI DSS standard. This is because the customer has its own software that have the needs of storage information about credit cards and, so, is necessary to respect world standard.

Client requests were the following:

  • Building of a security system with triple bastion firewall
  • Split of services in DMZ networks, development and production networks
  • Redundancy and flexibility of network part
  • Respect of PCI-DSS standard in terms of architecture and security

WHAT IS PCI DSS ?image002                                        

The PCI-DSS standard (Payment Card Industry Data Security Standard) has been elaborated with the aim of standardizing the modalities of credit card data security management by PCI consortium, created by American Express, Discover Financial Services, JCB, MasterCard Worldwide e Visa International.

The responsible entity of PCI protection standard, is a global open forum, born in 2006, that occupies on development, management, information and spreading of PCI protection standard, which include: Standard of data protection (DSS), Standard of data protection for payment applications (PA-DSS) and PIN transactions security (PTS).

The five founders have decided to include the PCI DSS as a technic requirement for all their conformity programs for data security.Every member recognizes the validity for conformity at PCI DSS of QSA and of ASV certified by the responsible entity of PCI protection standard.

PROJECT AIM

The project aim is the building of an IT security infrastructure able to respect both in terms of architecture and in terms of configuration, the PCI-DSS standard.

The infrastructure had to work for putting into service and ready for being checked by certification entity .

SOLUTION, BENEFITS AND CONNECT’S ADDED VALUE

image003The proposed solution to client included speed times for infrastructure production that had to be joined with the needs of conformity.

The Connect-s added value was the use of competences in IT security field joined with team work in order to satisfy quality and rapidity requested by the customer.

The characteristics of the solutions are the following:

  • Architecture witha triple security level
  • Use of IPS technology and AV on perimeter
  • Segregation at 2 or 3 level of networks
  • Use of stacking technology for network part
  • Use of cluster technology for security part
  • Creation of appropriate network services (AAA, NTP, SYSLOG, etc…)
  • Respect of PCI-DSS standard

RESULTS ACHIEVEDimage004

The adoption of a new infrastructure allowed to:

  • Obtain PCI-DSS certification for the infrastructure
  • Production in rapid times of new services supported by Datacenter structure
  • Increase efficiency, security and performance for DVR Italia customers compared to services make available by DVR Italia