PCI Standards: Data Masking and Transformation to Improve Testing Environment
The Payment Card Industry (PCI) Standard applies to all members, merchants and service providers that store, process and transmit credit card information. The PCI Standard also outlines 12 requirements governing secure networks, cardholder data protection and the implementation of strong access controls, particularly in regard to the testing and development environment. The new regulations have left many companies searching for solutions to avoid heavy fines and penalties for data and security breaches.
The PCI Standard specifically requires companies to mask credit card numbers in their test environments, and data de-identification allows these companies to meet this requirement. In addition, many other regulations, such as the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA), require data protection in all areas of the enterprise.

IBM® Optim™ addresses these problems by de-identifying test data, systematically masking or transforming data elements that could be used to identify an individual. Developers and testers can use realistic test data and produce valid test results, while still complying with privacy protection rules. Optim’s Data Privacy Transformation Library supports generating valid, masked values to de-identify some of the most important customer information, such as social security numbers, credit card numbers and e-mail addresses.