Protect Cardholder Data

The following are recommendations and information for the Protect Cardholder Data requirements.

Requirement 3: Protect stored cardholder data

Recommendations and Information for Requirement 3.1

Source system data should not be exposed directly to Omni-Gen for processing. Source data that resides in the client's existing infrastructure should be protected according to the client's existing needs. As data is presented (on-ramped) to Omni-Gen, the client should select the data that is required for processing, and any sensitive data should be properly masked. The client is advised to limit intermediate storage of data and to protect direct access to the data store.
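The following is an added example, not Omni-Gen code or configuration, of a filter a client could run on source records before they are on-ramped: it keeps only the fields selected for processing and masks card numbers in the values that remain. The field names, the first-six/last-four mask format, and the sample record are assumptions made for illustration.

```python
import re

# Hypothetical field names: the allowlist is whatever the client selects for processing.
REQUIRED_FIELDS = {"customer_id", "name", "card_number", "notes"}
# 13 to 19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so order ids and phone numbers are not masked by mistake."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(match: re.Match) -> str:
    """Replace a Luhn-valid card number with first six + last four digits."""
    digits = re.sub(r"\D", "", match.group())
    if not luhn_ok(digits):
        return match.group()
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def prepare_record(source: dict) -> dict:
    """Drop fields that are not required, then mask PANs in every kept value."""
    return {
        key: PAN_RE.sub(mask_pan, str(value))
        for key, value in source.items()
        if key in REQUIRED_FIELDS
    }


# Constructed sample record; 4111111111111111 is a widely used test card number.
SAMPLE = {
    "customer_id": "C-1001",
    "name": "A. Example",
    "card_number": "4111 1111 1111 1111",
    "cvv": "123",
    "notes": "order 1234567890123 paid with 4111111111111111",
}

if __name__ == "__main__":
    print(prepare_record(SAMPLE))
```

Free-text fields such as `notes` are scanned as well, because card numbers often leak into comments rather than staying in the dedicated column.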

Recommendations and Information for Requirements 3.2, 3.3, and 3.4

For critical and sensitive data at rest in the data store, the client is advised to follow the PCI compliance instructions specific to that data store (a database or similar) to protect it from unintended access.

Requirement 4: Encrypt transmission of cardholder data across open, public networks

The client is advised to use the TLS role-based configuration for consumer-facing applications.