If your business processes branded credit card data (such as Visa, MasterCard, American Express, and Discover), you must comply with the Payment Card Industry Data Security Standard (PCI DSS). The requirements were developed and are maintained by the Payment Card Industry Security Standards to reduce credit card fraud and implement increased controls around cardholder information. For companies using the Payara Platform, having a Payara Enterprise subscription helps you maintain compliance.
Summary of PCI Requirements
While there are actually hundreds of PCI requirements for building and maintaining a secure system, they can be summarized by the following:
- Protect cardholder data with firewalls, encryption, masking, hashing, and truncation.
- Track and monitor all access to cardholder data and network resources.
- Perform regular updates of anti-virus software and protect all systems against malware.
- Develop and maintain secure systems and applications and immediately install security patches to fix vulnerabilities.
- Restrict access to cardholder data to authorized personnel on a “need to know” basis.
- Track user activities with logging mechanisms to prevent, detect, or minimize impact of compromised data.
- Regularly test security systems for new vulnerabilities.
- Maintain an information security policy for all employees.
Payara Enterprise Helps Meet and Maintain PCI Compliance
Using the Payara Platform with a Payara Enterprise support subscription helps you tick several check boxes on the PCI compliance checklist. Payara Enterprise offers:
- Monthly release streams
- Priority bug fixes
- Hot fixes for urgent solutions
- Critical security patches and alerts to their availability
- 10-year support life cycle to maintain the security and stability of your applications
- Exclusive access to extensively tested, fully supported binary builds of the Payara Platform
If you’re using the Payara Platform and want some help ensuring you’re maintaining PCI compliance, consider a Payara Enterprise subscription. Our support is provided directly from Engineers to offer fast issue resolution, includes unlimited tickets, access to a private customer knowledge base, and use of fully-supported builds of OpenJDK.
Have questions? Contact us for more info.