Cardholder Data Environment (CDE)
The Cardholder Data Environment (CDE) is part of the network that supports cardholder processing, storage and / or transmission, as well as the components that directly connect to this network. The majority of data breaches in the retail industry involve a compromise of the CDE, which is why it is imperative to take the necessary steps to secure your network.
There are specific requirements outlined by the Payment Card Industry Data Security Standard (PCI DSS) when it comes to the Cardholder Data Environment, including stipulations regarding the authentication of data residing on all virtual and physical components, as well as securing electronic payment.
One of the ways to reduce the scope for a PCI DSS assessment is through network segmentation, which separates systems that store, process or transmit cardholder data from those that do not.
With RetailCompli, we create a CDE by isolating the Local Area Network (LAN), which handles payment traffic, from the rest of the traffic. This ensures that all of the other traffic on the network does not have access to the Cardholder Data Environment, which reduces the risk of a data breach while simplifying the completion of the Self-Assessment Questionnaire (SAQ).
The importance of this cannot be ignored. Not only are you putting your business at serious risk of a data breach if you do not protect the Cardholder Data Environment per the requirements that have been put in place by the PCI DSS, but you could find yourself facing a hefty fine if you are found not to be in compliance.
This is something you don’t need to worry about with the assistance of RetailCompli, as not only will we segregate the LAN from the rest of your network, but also we will take all of the necessary steps to ensure your Cardholder Data Environment is protected and compliant, from regularly monitoring and testing networks, to protecting cardholder data, to implementing strong access control measures. Give us a call today to discover more.