The Home of Tape Encryption


	PCI DSS Principles and Requirements The PCI DSS imposes requirements on merchants to safeguard consumers' credit card information from hackers and other identity thieves. The core requirements are as follows: Build and Maintain a Secure Network Install and maintain a firewall configuration to protect data Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data Protect stored data Encrypt transmission of cardholder data and sensitive information across public networks Maintain a Vulnerability Management Program Use and regularly update anti-virus software Develop and maintain secure systems and applications Implement Strong Access Control Measures Restrict access to data by business need-to-know Assign a unique ID to each person with computer access Restrict physical access to cardholder information Regularly Monitor and Test Networks Track and monitor all access to network resources and cardholder data Regularly test security systems and processes Maintain an Information Security Policy Maintain a policy that addresses information security At a high level, these requirements appear straightforward. Note, however, that these 12 Payment Card Industry Data Security (PCI DSS) requirements include over 200 detailed tasks that need to be met. The payment card industry is now enforcing PCI compliance. Non-compliance can result in fines, restrictions or possibly permanent expulsion from card acceptance programs. If your business depends on accepting credit cards, then you have no choice than to become PCI compliant.

	Merchant & Service Provider Levels and Validation Requirements Merchant PCI levels are dependent on the number of transactions that take place annually. The levels are defined as follows: Level 1 - More than 6 million transactions per year or merchants whose data has been compromised Level 2 - 1 million to 6 million transactions per year Level 3 - 20,000 to 1 million transactions per year Level 4 - Less than 20,000 transactions per year Service providers are organizations that process, store, or transmit cardholder data on behalf of the credit card company members, merchants, or other service providers. Service provider levels are defined as: Level 1 - All processors and payment gateways Level 2 - Any Service Provider not in Level 1 and stores, processes or transmits more than 1 million accounts or transactions annually Level 3 - Any Service Provider not in Level 1 and stores, processes or transmits less than 1 million accounts or transactions annually To validate compliance with the PCI DSS, all merchants, regardless of credit card transaction volume, must have their Internet facing systems scanned quarterly by an approved scanning vendor. In addition, all merchants with the exception of level 1 are required to submit an annual self-assessment questionnaire. Level 1 merchants and Level 1 and 2 service providers are required to have an annual onsite security audit by a qualified security assessor. The payment card industry is beginning to enforce PCI compliance. Non-compliance can result in fines, restrictions or possibly permanent expulsion from card acceptance programs. If your business depends on accepting credit cards, then you have no choice than to become PCI compliant.

Paranoia2 is an in-line hardware encryption appliance for SCSI tape drives. This is the straightforward way to encrypt your data during the backup, designed for ease of use. The encryption is completed using the proprietary dual interlaced encryption, developed specifically for the paranoia family.

ParanoiaFF is an in-line hardware encryption appliance for FC tape drives. This is the straightforward way to encrypt your data during the backup, designed for ease of use. The encryption is completed using the proprietary dual interlaced encryption, developed specifically for the paranoia family.

SafeTape is the complete tape solution with built in dual interlaced encryption, unique to the Paranoia Range. SafeTape works with all host systems and will is available with a selection of LTO and DLT drives, offering SCSI, FC or iSCSI interfaces. You will find the right SafeTape for your environment