Gresham strengthens cyber-security posture with PCI DSS 3.2 accreditation
Latest industry recognition ensures Clareti platform customers continue to benefit from the most stringent security accreditations.
London, 20 June 2019 – Gresham, the leading provider of real-time financial transaction control and enterprise data integrity solutions, announces that its Clareti Platform and associated software development processes have passed the world’s highest safety standards for handling cardholder data.
The Attestation of Compliance to PCI DSS 3.2 is essential for the firm’s retail banking clients aiming to protect their customers’ data from malicious cyber and other attacks.
The certification comes as Gresham further enhances its cutting-edge security processes and commitment to world-leading data integrity, and it enables customers to have complete confidence that their data will be completely secure within the Clareti Platform.
The certification is designed to protect cardholder data from theft and applies to all entities that store, process or transmit cardholder data. It comes with strict requirements for developers and manufacturers of applications that deal with this data. Updates in PCI DSS 3.2 include additional requirements around the use of multi-factor authentication and migration deadlines for the removal of Secure Sockets Layer (SSL)/early Transport Layer Security (TLS).
For certification, Gresham demonstrated it employs the required 300+ data protection processes and standards, as well as appropriate quarterly vulnerability assessments and scans. With Gresham’s adaptive and flexible methodology being continuously applied in highly sensitive financial environments, being held to the world’s highest security standards is a necessary mark of commitment to data integrity, a core focus for the firm.
Commenting on the accreditation, Neil Vernon, Chief Technology Officer at Gresham said,
“We recognise card data as being different from other data and apply specific encryption and masking algorithms to ensure confidentiality. From time to time, data integrity issues between the merchant and acquirer may lead to a legitimate and valid need for someone involved in the investigation of an issue to see the entire card data. However, we enforce several measures to protect data integrity including: providing a precise and clear audit of when this happens; time-limiting access to single cards; and securing the audit in at least two separate, persistent stores to eliminate the risk of tampering. We are pleased our processes are being recognised for the PCI DSS certification.”
Aligning any application to these high standards requires specialist knowledge and Gresham provides training and documentation to all of its clients, most of whom need the highest level of application security. Gresham has been PCI DSS certified since June 2016 and continues to update its certification as the standard evolves to address developments in how payment data can be exploited to the detriment of individuals and organisations.