Payment Card Industry Data Security Standard

Any organization that processes, stores or transmits payment card data must comply with the Payment Card Industry Data Security Standard (PCI DSS).

Set up by the major credit card suppliers (Visa, MasterCard, American Express, Discover and JCB), this standard is extremely stringent and is considered one of the more comprehensive data security standards. Levels of compliance validation are defined based on the volume of transactions, potential vulnerabilities and the exposure introduced into the payment system by merchants and service providers.

The Business Challenge

Organizations, such as retail merchants, online payment processors and banks, must protect cardholder information and prevent credit card fraud and other security vulnerabilities.

The PCI DSS Solution

The PCI DSS specifies 12 requirements for compliance, grouped into 6 IT ‘control objectives’.

Safestone’s industry-recognized modular solutions can ensure that these 12 requirements are met on a continual basis.

The following table outlines the 12 requirements for PCI DSS compliance and the specific modular Safestone product that addresses each standard for System i (iSeries) (OS/400).


Control objective: Safestone product(s)

Build and maintain a secure network: Network Traffic Controller; Risk & Compliance Monitor
Protect cardholder data: Network Traffic Controller
Maintain a vulnerability management program: User Profile Manager
Implement strong access control measures: Network Traffic Controller; User Profile Manager
Regularly monitor and test networks: Security Audit & Detection; Risk & Compliance Monitor
Maintain an information security policy: Risk & Compliance Monitor