Ensure PCI-DSS Compliance with MOVEit Managed File Transfer
MOVEit is a managed file transfer system designed for use with a multi-firewall network that separates a network into different trust zones.
MOVEit Automation and MOVEit Transfer can each perform scheduled, automatic and secure deletion of old files containing payment information.
MOVEit helps tens of thousands of financial processors, banks and credit unions achieve and maintain PCI compliance.
The PCI Data Security Standard (PCI DSS) is the global data security standard adopted by all organizations that process, store or transmit cardholder data. It consists of twelve critical data security requirements, organized into six sections:
The Payment Card Industry (PCI) Data Security Standard (DSS) is intended for use by merchants, financial processors, point-of-sale vendors, and banks, credit unions and other financial institutions that transmit, process and/or store credit cardholder data.
If your business deals with credit card payments in any way, then PCI compliance is going to be a fact of life, and an essential part of running your business securely and efficiently. PCI compliance is a critically important step in protecting your customers' or partners' payment card data, and an equally important step in protecting your business from the dire consequences of a data breach.
MOVEit Transfer lives in the firewall-protected DMZ, where it can be partially exposed to the Internet. MOVEit Automation, deployed on an internal trusted network, can establish connections to the MOVEit Transfer server through a firewall. This establishes a secure connection through which data can be passed between your internal network and the outside world. If you prefer not to have your files at rest in the DMZ, you can use MOVEit Gateway in the DMZ and deploy MOVEit Transfer on the trusted internal network.
MOVEit supports transfers using secure FTP over SSL/TLS (FTPS), secure FTP over SSH2 (SFTP and SCP2), as well as secure file transfers using HTTPS and the AS2 and AS3 protocols. When at rest, MOVEit uses our MOVEit Crypto cryptographic software to securely store data. MOVEit Crypto has been FIPS 140-2 validated by the US National Institute of Standards and Technology (NIST) and the Canadian Communications Security Establishment (CSE).
MOVEit allows users to be designated as belonging to a specified role, with each role having an appropriate level of privilege. MOVEit Transfer also allows for the specific assignment of folder permissions, protocol access restrictions, IP address restrictions and other limited rights. Passwords and keys are encrypted using secure SSL/TLS and SSH2.
MOVEit supports integration for external scanning of the files in transit to prevent infected files from being transferred. To maintain the security of all MOVEit products, Progress support regularly posts security updates to the customer community.
MOVEit audit logging capabilities are among the most comprehensive offered by any managed file transfer product. Access to MOVEit audit records is controlled so that users can only see events that relate to their organization and/or the groups, users, folders and transfer tasks under their control.
To determine the requirements that apply to individual businesses, the PCI Security Standards Council (PCI SSC) created a four-level system for classifying businesses by size and risk. For the most part, small businesses land in Level 4, while Level 1 covers large, multi-national retailers like Amazon and Walmart.
Level 1: Merchants with more than 6,000,000 transactions per year or those that have had data compromised in the past.
Level 2: Merchants with 150,000 to 6,000,000 transactions per year.
Level 3: Merchants with 20,000 to 150,000 transactions per year.
Level 4: Merchants with fewer than 20,000 transactions per year.