Gresham Strengthens Cyber-Security Posture with PCI DSS 3.2 Accreditation

Gresham Strengthens Cyber-Security Posture with PCI DSS 3.2 Accreditation
20.06.2019 10:02 am

Gresham Strengthens Cyber-Security Posture with PCI DSS 3.2 Accreditation

Data
Gresham, the leading provider of real-time financial transaction control and enterprise data integrity solutions, announces that its Clareti Platform and associated software development processes have passed the world’s highest safety standards for handling cardholder data. 
 
The Attestation of Compliance to PCI DSS 3.2 is essential for the firm’s retail banking clients aiming to protect their customers’ data from malicious cyber and other attacks.
 
The certification comes as Gresham further enhances its cutting-edge security processes and commitment to world leading data integrity and enables customers to have complete confidence that their data will be completely secure within the Clareti Platform. 
 
The certification is designed to protect cardholder data from theft and applies to all entities that store, process or transmit cardholder data. It comes with strict requirements for developers and manufacturers of applications that deal with this data. Updates to the PCI DSS 3.2 include additional requirements around the use of multi-factor authentication and migration deadlines for removal of Secure Sockets Layer (SSL) /early Transport Layer Security (TLS). 
 
For certification, Gresham demonstrated it employs the required 300+ data protection processes and standards, as well as appropriate quarterly vulnerability assessments and scans. With Gresham’s adaptive and flexible methodology being continuously applied in highly sensitive financial environments, being held to the world’s highest security standards is a necessary mark of commitment to data integrity, a core focus for the firm. 
 
Commenting on the accreditation, Neil Vernon, Chief Technology Officer at Gresham said, 
 
“We recognise card data as being different from other data and apply specific encryption and masking algorithms to ensure confidentiality. From time to time, data integrity issues between the merchant and acquirer may lead to a legitimate and valid need for someone involved in the investigation of an issue to see the entire card data. However, we enforce several measures to protect data integrity including: providing a precise and clear audit of when this happens; time-limiting access to single cards; and securing the audit in at least two separate, persistent stores to eliminate the risk of tampering. We are pleased our processes are being recognised for the PCI DSS certification.”
 
Aligning any application to these high standards requires specialist knowledge and Gresham provides training and documentation to all of its clients, most of whom need the highest level of application security. Gresham has been PCI DSS certified since June 2016 and continues to update its certification as the standard evolves to address developments in how payment data can be exploited to the detriment of individuals and organisations. 

 

Related News

Tink calls on national regulators to show flexibility around PSD2 implementation deadline to prevent open banking ‘cliff edge’

Open banking platform Tink is calling for National Competent Authorities (NCAs) - the national bodies responsible for overseeing PSD2 in EU member states - ... Read more »

Ossiam releases leveraged US Steepener ETF with Solactive index

At the moment, the US Treasury yield curve sits in the focus of investors. The reason the curve receives such attention lies in its slope, which is as flat as it was way back... Read more »

CryptoCompare’s July Exchange Review shows top ranked exchanges increasing market share, yet lower quality exchanges still dominate

CryptoCompare, the leading provider of cryptocurrency data and indices, today released its ... Read more »

BMLL Technologies launches Derived Data Service for bespoke trading analytics

BMLL Technologies, the cloud-based Capital Markets Data-Engineering-as-a-Service company, today announced the launch of its new Derived Data Service.  The platform enables... Read more »

Xceptor Launches New Podcast 'Unleash Your Data' In The Lead Up to Sibos 2019

Global data ingestion and transformation software provider Xceptor, is launching its new podcast  ‘Unleash Your... Read more »

The Derivatives Service Bureau reveals significant appetite for further data and cybersecurity analysis

The Derivatives Service Bureau (DSB), founded by the Association of National Numbering Agencies (ANNA) to facilitate the allocation and maintenance of International Securities... Read more »

Magazine
ALL
Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel