Helping BASE24 Customers Meet PCI DSS V4.0

From our market-leading card data discovery to our all new format-preserving tokenization, the Security Compliance Suite from HPE and 4tech Software has always focused solely on helping NonStop users meet their security and compliance obligations.

In 2010 we launched our first product, PANfinder, which as the name suggests, is a payment card data discovery solution designed exclusively for the HPE NonStop platform and specifically for PCI DSS scope verification. You could say it was a bit ahead of its time because it’s only with the advent of PCI DSS V4.0 (Requirement 12.5) that proper scope verification has finally been mandated – until DSS V4.0, scope verification was, unfathomably, only ‘recommended’ by PCI DSS! Our first customer was a large European payment processor which runs both BASE 24 and CONNEX. Since those early days, PANfinder has gone on to be deployed by banks, switches and retailers around the globe. To date, PANfinder has never failed to identify live card data in unknown locations – helping users to address their errant data, reduce their PCI DSS scope and reduce their risk.

Jumping forward 14 years to today, our latest product is the result of several years of development and investment – HPE Tokenator (TK) – which addresses the need for BASE24 customers (or any NonStop user for that matter) to protect their card data at all times. TK protects sensitive data by replacing it with format-preserved tokens, so in the event that any secured data is hacked/stolen, it would be worthless to thieves. TK has multiple implementation options to suit your organisation’s policies and BASE24 environment – from an intercept-based model which requires no application changes, to a more traditional installation using the fully documented Tokenator API. Then there’s the option of vaulted or vaultless tokenization – both of which include the all-important Key Rotation functionality as required by PCI DSS.

Rounding off the Security Compliance Suite is HPE Integrity Detective (ID). ID is both the most user friendly and the most comprehensive integrity monitoring solution available on the HPE NonStop. It’s pointless monitoring all your critical NonStop files if you’re not also monitoring all corresponding subsystem processes (E.G. Pathways, Netbatch, SSH etc.), so we made sure ID does both. From all Guardian and OSS files to all Safeguard objects, to CLIMs and even third-party solution configurations with a COM interface, ID monitors for changes and produces alerts in real-time. As with all our solutions, ID is 100% NonStop based, so there’s no need for any additional hardware or external database and the headaches that brings. While we are NonStop based, we are also enterprise enabled with all of our solutions being able to send events directly to your enterprise SIEM.

The Security Compliance Suite is available exclusively from Hewlett Packard Enterprise. If you have any technical questions or would like to initiate a POC the team at 4tech Software will be happy to help, but for sales information it’s your HPE representative you’ll need to contact.

For more information visit www.4tech.software or speak with your HPE account representative.