PCI-DSS Compliant Service Oriented Infrastructure

June 29, 2011

The Payment Card Industry Data Security Standard (PCI-DSS) requires increased controls over cardholder information to minimize credit card fraud. Although PCI-DSS compliance is specific to the payment industry, the principles of securing user or subscriber information from leaks or cyber attacks apply to most service providers, enterprises and governments. Such principles have been core to the Layer 7 Gateway solution since its inception.

With its runtime policy enforcement and application level awareness, the Layer 7 Gateway is becoming a preferred component of your PCI-DSS compliant infrastructure. Acting at the perimeter of a service zone, the Layer 7 Gateway authenticates, authorizes and encrypts communications with external entities. Through various pattern recognition mechanisms, the Layer 7 Gateway inspects outgoing messages to filter out unwanted cardholder information leaking from internal systems.

With version 6.0 of the Layer 7 Gateway, Layer 7 Technologies goes beyond encryption and information scrubbing to provide PCI-DSS specific functionality, such as a new auditing subsystem that facilitates the obfuscation of cardholder information from system logs and audit traces. Version 6.0 of the Layer 7 Gateway also now includes a PCI-DSS Secure Implementation Guide (SIG) manual, which covers all the PCI-DSS compliance related settings (you can find this manual on our support portal).