PCI DSS in real life -- Requirement 1 Firewall

Excerpt: Critical to the selection was choosing a vendor that best met PCI DSS (Payment Card Industry Data Security Standard) requirements. For this, ePlay turned to WatchGuard to provide the instrumental role in PCI DSS requirement 1 - Install and maintain a firewall configuration to protect cardholder data.

Editor's Note: Regulations too often become a bullet point and lose their practical effect on a project. PCI compliance is that way with self-service terminals. Many kiosks that handle credit card data do not have firewalls installed on them, either for wired or wireless access. Here is an example of firewall selection.


SAN FRANCISCO, April 22 /PRNewswire/ -- RSA -- WatchGuard(R) Technologies, a global leader in extensible network security and connectivity solutions, today announced that ePlay, an innovator in the DVD rental business, has selected WatchGuard solutions to provide PCI DSS compliant firewall security, and to protect thousands of remote DVD and video game disc rental kiosks as well as ePlay's back-end data center.

"After evaluating Cisco, and other network security vendors, ePlay standardized on WatchGuard for their high security, performance, reliability and unbeatable total cost of ownership," said David Stellmack, Senior Systems Engineer at ePlay. "This is a mission-critical network comprised of remote kiosks and a data center transacting a large volume of payment card transactions. With WatchGuard in place, we can drive down costs, reduce time to market, and increase our provisioning process by twofold."

PCI DSS Compliant Protection

Critical to ePlay's selection was choosing a vendor that best met PCI DSS (Payment Card Industry Data Security Standard) requirements. For this, ePlay turned to WatchGuard to provide the instrumental role in PCI DSS requirement 1 - Install and maintain a firewall configuration to protect cardholder data.

To do this, each ePlay kiosk is armed with a WatchGuard Firebox Edge appliance to provide firewall, intrusion detection/prevention services, and highly secure VPN network connectivity. For remote kiosks, such as those located outdoors, ePlay utilizes the WatchGuard 3G Extend family of wireless connectivity solutions. With it, triple-DES encrypted VPN tunnels carry payment card and other sensitive data via 3G cellular networks. This gives ePlay maximum flexibility for kiosk deployments, usage models and most importantly, strong cardholder data security.

With hundreds of remote firewall appliances to manage, and thousands more to come in the next few years, ePlay relies on WatchGuard System Manager, which provides ePlay with a PCI DSS friendly, free software solution to manage and upgrade remote WatchGuard appliances.

At the data center, a pair of WatchGuard X Peak 8500 e-series, running in high availability mode, terminates remote kiosk VPN tunnels. As required by the PCI DSS, this network of cardholder data is completely walled off and separated from ePlay's corporate network and online reservation architecture, which are protected by other WatchGuard firewall appliances.

Stellmack concludes, "I've looked at other kiosk vendors and shudder at their approach to security; I don't think they're deploying anything even close to enterprise-level security for credit card transactions. We would rather be over-secure, and WatchGuard helps provide that."

About e-Play, LLC

e-Play is a revolutionary way of marketing, delivering and purchasing DVDs and Video Games: a high-tech DVD rental platform combined with the ability to buy/sell/trade video games all in a single machine. e-Play provides the technical innovation for its units to hold thousands of discs, convert used discs into cash or credit at the retailer and perform a playability check on every disc dispensed. The machines include new releases and catalog titles and feature an interactive touch LCD screen playing trailers and interactive advertising. Founded in 2005 and headquartered in Columbus, Ohio, e-Play Makes it Easy to Find the Movies - and now, the Games - You Want.

About WatchGuard Technologies, Inc.

Since 1996, WatchGuard(R) Technologies, Inc. has been the advanced technology leader of network security solutions, providing mission-critical security to hundreds of thousands of businesses worldwide. The WatchGuard family of wired and wireless unified threat management appliances and WatchGuard SSL VPN remote access solutions provide extensible network security, unparalleled network visibility, management and control. WatchGuard products are backed by WatchGuard LiveSecurity(R) Service, an innovative support, maintenance, and education program. WatchGuard is headquartered in Seattle and has offices serving North America, Europe, Asia Pacific, and Latin America. To learn more, visit http://www.watchguard.com/.
