Blogs

Juniper Contrail is PCI compliant

By Erdem posted 09-27-2017 20:41

  

 

The credit card hacks against Home Depot (2014) and Target (2013) are great examples of why security and compliance are so critical. Home Depot ended up paying $25 million to banks, $134.5 million to card companies like Visa and MasterCard and $19.5 million to affected customers. Target spent $290 million related to the breach, which included $10 million settlement with shoppers, $67 million payment to Visa, $20.25 million to banks and credit unions and $19.11 million to MasterCard.

 

People lose trust in merchants and financial institutions when their data is breached or compromised. It is imperative that all banks and other payment processing companies are abiding to a strict security rules.

 

Payment Card Industry Data Security Standard (PCI-DSS) compliance is such a certification which mandates security requirements for cardholder data including card account numbers, name & address, card chip data, PINs, and CVV codes. The security standard is defined and managed by a consortium of card brands (like Visa, Mastercard), issuers (like banks, credit unions) and acquirers (like merchants).

 

Following the PCI DSS requirements ensures healthy and trustworthy payment card transactions and is simply good for business!

 

There are 12 high-level requirements and the annual certification process features varying levels of certification, depending on transaction type and volume.  The highest level of certification, Level 1, must be conducted by a qualified third-party security assessor.

 

These requirements apply to all system components included in or connected to the cardholder data environment - people, processes, technologies that store, process, or transmit cardholder data.  These system components span network devices, servers, computing devices, and applications.

 

Juniper had engaged a third party auditor – Payment Software Company (PSC) to test, review and analyze Juniper Contrail for PCI compliance.

 

The evaluation process included the following:

 

  1. Examination of the architecture, deployment best practices, and operational procedures of the Juniper Contrail platform.
  2. Test execution using automated test tools for Burp Suite, Nessus networking auditing, and a PCI compliance checker encompassing several hundred vulnerability checks.
  3. Analysis of automated and manual test results compared to standard best practices for PCI hardening.

 

The testing process consisted of several rounds of automated and manual testing, with detailed analysis of vulnerability checks on both the infrastructure components and the deployment best practices.

 

The results of the analysis demonstrate that Juniper Contrail provides a secure and compliant networking solution in the cloud for banks, financial services companies, and others who store, process, and/or transmit cardholder data.

 

PSC concluded that the Juniper Contrail solution is capable of supporting an end customer’s PCI DSS v3.2 standard requirements, adhering to the applications security and access policies that are applicable to the cardholder data.

 

To request the detailed results and the audit process, please fill out the following form and we will send you the whitepaper.