• The Four Hundred
nuBridges Tackles PCI Security Mandate with New OS/400 Offering

    May 31, 2005 Alex Woodie

    nuBridges rolled out a new iSeries software and services offering last week designed to help companies that handle credit card data meet the impending deadline for complying with the Payment Card Industry (PCI) Data Security Standard mandate. nuBridges truExchange PCI Secure enables OS/400 shops to implement encryption within their DB2/400 fields and Internet transport mechanisms, and is designed to prevent the theft of credit card information.

    If you’ve never heard of the credit card industry’s PCI Data Security Standard or Visa’s Cardholder Information Security Program (CISP) that it’s modeled after, you’re not alone. With so many other compliance mandates, such as Sarbanes-Oxley, HIPAA, and even the California Privacy Act, clamoring for attention from IT professionals these days, the attempts by the credit card industry to put a cap on fraud largely have been lost in the crowd.

    But people are starting to take notice. Visa has set a June 30 deadline for compliance with its CISP mandate, which sets standards for the handling of credit card data and the overall security of computer systems, and it plans to penalize companies up to $500,000 per incident after that, and may even kick companies out of its network. The industry’s plans have been bolstered by several highly visible breaches of consumer data since January, including the theft of credit card information from 5 million consumers.

    With 30 days to go before Visa’s deadline, the phone has been ringing off the hook at nuBridges for help with the PCI Data Security Standard. “That $500,000 speaks pretty loud,” says Gary Palgon, nuBridges director of product management. “Whereas the government doesn’t typically come down and say ‘Here’s the mandate, the exact date, and the amount you pay if you don’t comply,’ when it comes to the corporate level, there’s not much room for error or subjective-ness.”

    nuBridges also is being specific in how it can help OS/400 shops comply with the PCI Data Security Standard and Visa’s CISP. Last week the Atlanta-based company launched nuBridges truExchange PCI Secure, a collection of five components–including PCI Encryption, PCI Secure Transaction Manager, PCI Audit, PCI Storage, and PCI Conversion–which span previously available products, and some new functionality.

    The Encryption component enables companies to do on-the-fly, field- and file-level encryption and decryption of DB2/400 data, using 3DES and AES 256 algorithms, and either passwords or PKI certificates for authentication. (Credit card numbers must be encrypted at all times under the PCI Data Security Standard.) The Secure Transaction Manager brings SSL encryption to data sent over FTP, and also lets users navigate through firewalls and proxies, while PCI Audit logs all activity related to the access of credit card data, and ensures that any sensitive data contained in those logs is also encrypted. PCI Storage is used to secure backups, and provides field-level encryption for data that hasn’t already been encrypted.

    Some of the new functionality resides in the last component, called PCI Conversion. An adaptation of a tool used in Y2K remediation projects, PCI Conversion enables OS/400 shops to implement field-level encryption, without making changes to the database. The tool has been adapted to enable companies to encrypt and decrypt 16-digit credit card numbers on the fly, and to do so without changing predefined file layouts.

    The capability to provide encryption on certain database fields, without making any changes to the database, is very important to customers, Palgon says. “For example, one company with hundreds and hundreds of stores, to make a database change, it has to go through the CIO. It’s huge, and there’s no way they can get that massive of a change done by June 30,” he says.

    Do-it-yourselfers can utilize OS/400 APIs to implement encryption into their DB2/400 data stores, Palgon says, “but you still have to become an encryption guru to use it. IBM includes base functionality, but not at a business level,” he says.

    nuBridges, which obtained its OS/400 expertise with its acquisition of TrailBlazer Systems last year, is targeting the iSeries with truExchange PCI Secure. “Our reputation and experience as security and encryption experts for the IBM eServer iSeries platform enabled us to offer a comprehensive solution to the CISP mandate from Visa,” says Rich Brown, vice president of sales at nuBridges.

    In addition to encryption for DB2/400, secure FTP, and logging capabilities, the nuBridges truExchange PCI Secure offering also includes professional services to help companies bring other aspects of their IT systems into compliance. For example, there are many companies still using POS systems based on OS/2 and DOS operating systems, Palgon says.


    All in all, truExchange PCI Secure addresses about 25 specific PCI Data Security Standard mandates, according to a nuBridges data sheet. Companies can gauge how close they are to complying with the mandate using this PCI self-assessment questionnaire (in PDF format).

    Compliance with the PCI Data Security Standard is a pass-fail prospect, and companies that are certified must satisfy all requirements. Companies processing six million transactions per year or more must undergo a “PCI scan” by an authorized PCI scan provider before they are considered compliant. By June 30, all companies are required to be compliant, although only those processing more than 20,000 transactions per year are required to prove it by submitting documentation to merchant banks, which face penalties if they don’t check.


Volume 5, Number 22 -- May 31, 2005

Copyright © 2023 IT Jungle