Minimize the Impact of PCI Section 3 on SAP Applications - Paymetric

More documents

Recommendations

Info

A New Approach to Encryption Management for Heterogeneous SAP Environments Today, <strong>the</strong>re’s a new approach to encryption management that <strong>of</strong>fers an array <strong>of</strong> benefits, both in terms <strong>of</strong> security and ease <strong>of</strong> administration. This approach focuses on using an encryption management server to control and manage not only encryption keys, but <strong>the</strong> underlying data. This approach is based on two key facets that deliver value throughout an enterprise: Centralization. All credit card numbers stored in SAP and o<strong>the</strong>r business applications and databases are removed from those systems and placed in a highly secure, centralized encryption management server that can be protected and monitored utilizing robust encryption technology. BEFORE Tokenization. Each credit card number that previously resided in SAP or o<strong>the</strong>r applications is replaced with a token that references <strong>the</strong> credit card number. A token can be thought <strong>of</strong> as a claim check that an authorized user or system can use to obtain <strong>the</strong> associated credit card number. In <strong>the</strong> event <strong>of</strong> a breach <strong>of</strong> one <strong>of</strong> <strong>the</strong> business applications or databases, only <strong>the</strong> tokens could be accessed, which would be <strong>of</strong> no value to a would-be attacker. Before Centralization and Tokenization SAP 1 2 3 4 Encryption and key management technology must be implemented on each system in which credit card numbers are stored. Web Store 1 2 3 4 Encryption # # # # # # # # # # # # #### # # # # Encryption #### #### #### Payment App 1 2 3 4 # # # # Encryption # # # # #### © 2008 Paymetric, Inc. All rights reserved. .
#### <strong>Minimize</strong> <strong>the</strong> <strong>Impact</strong> <strong>of</strong> <strong>PCI</strong> <strong>Section</strong> 3 on SAP Applications AFTER After Centralization and Tokenization SAP 1 2 3 4 1 2 3 4 Encryption # # # # Web Store 1 2 3 4 Payment App Encryption and key management technology must only be implemented in a single, centralized system. Benefits <strong>of</strong> Centralizing and Tokenizing Data By implementing this encryption management server approach, companies can realize a range <strong>of</strong> benefits, including a reduced impact <strong>of</strong> <strong>PCI</strong> on SAP, improved security, optimized application integration and performance, and simplified administration. SAP no longer bears <strong>the</strong> full weight <strong>of</strong> <strong>PCI</strong> requirements. Reduced <strong>Impact</strong> <strong>of</strong> <strong>PCI</strong> on SAP By removing stored credit card information from SAP and o<strong>the</strong>r systems to a centralized server, <strong>the</strong> majority <strong>of</strong> focus and energy for <strong>PCI</strong> compliance will be on <strong>the</strong> centralized server. SAP no longer bears <strong>the</strong> full weight <strong>of</strong> <strong>PCI</strong> requirements, nor subsequent modifications that could be determined by a <strong>PCI</strong> audit. Improved Security By centralizing and tokenizing data, organizations gain <strong>the</strong>se security benefits: • <strong>Minimize</strong>d exposure <strong>of</strong> data. As mentioned above, <strong>PCI</strong> requirement 3.1 requires that organizations keep payment data in <strong>the</strong> minimum number <strong>of</strong> locations, and this approach addresses this requirement fully. Security is immediately streng<strong>the</strong>ned by minimizing <strong>the</strong> number <strong>of</strong> potential targets for would-be attackers. © 2008 Paymetric, Inc. All rights reserved. .
Page 1 and 2: Innovative Payment Card Solutions <
Page 3 and 4: Minimize t
Page 5: Minimize t
Page 15: About Paymetric Paymetric, Inc. pro

Minimize the Impact of PCI Section 3 on SAP Applications - Paymetric

Create successful ePaper yourself

Delete template?

Save as template?