Assisting you to find credit card data before others do
Understanding your credit card data landscape is the first step on the PCI DSS journey.Card Recon is a software tool that audits the storage of credit card data within your corporate network. It is a centralised PCI compliant management platform for identifying storage of sensitive payment card data storage across organisations of all sizes. If you are looking to achieve and/or maintain PCI DSS Compliance this tool can reduce the costs, risks, and lead times associated with PCI compliance.
Searching for the existence of unencrypted credit card data storage is a difficult task which requires a high level of effort to find all storage instances. Card Recon simplifies the process of finding credit card data stores due to its focus on accuracy, coupled with a user friendly interface.
Card Recon provides efficient discovery of stored credit card data within your workstations and enterprise servers. Businesses of all sizes and their QSAs trust Card Recon as an efficient and reliable source for identification & evidence gathering for credit card storage. Card Recon efficiently scans file systems and outputs PCI status report for PCI DSS reviews and assessment’s.
The credit card storage reports generated by Card Recon are accepted internationally by the payment card industry including Qualified Security Assessors to verify your compliant credit card data storage practices.
Card Recon Enterprise Edition is designed to centrally identify systems that store sensitive payment card information in a manner that is not compliant with PCI standards. Card Recon is designed to deliver organisations the benefit of lower compliance costs and reduced auditing and review time whilst further increasing visibility into an organisations PCI Compliance posture. With it's ability to centrally initiate payment card storage audits and generate compliance reports for use in PCI on-site reviews, Card Recon Enterprise Edition is the most accurate solution available for the auditing of stored payment card information.
Centrally managed auditing for non-compliant storage
With its ability to centrally initiate payment card storage audits and generate compliance reports for use in PCI on-site reviews, Card Recon Enterprise Edition is the most accurate solution available for auditing of stored payment card information.
Unrivalled payment card detection capabilities
The core of Card Recon consists of an advanced scanning engine that implements intelligent pattern matching algorithms to interpret and verify findings within a wide variety of data types This results in the highest match rate whilst delivering the lowest false positive rate with more than 98% of false positives eliminated on average.
Enterprise platform compatibility
Whilst offering support for all modern versions of Windows and Linux, Card Recon Enterprise Edition includes specialist support for Enterprise platforms including HP-UX (IA64/PA-RISC), Solaris (x86/SPARC) and AIX (pSeries).
Client-Server deployment model with low network impact
Card Recon Enterprise Edition has been specifically designed to include support for remote site deployments that rely on low-bandwidth high latency networks. All scans occur locally on each host with no use of network file systems or sharing required. Card Recon nodes securely communicate with a pre-configured Card Recon Enterprise master using minimal bandwidth.
Highly efficient scanning engine to ensure users remain productive
Card Recon node deployments do not require excessive system resources to conduct a scan. Throughout a scan users can continue to work without experiencing noticeable disruption or delay due to the Card Recon scanning engine efficiently allocating CPU and memory resources.
Lower the cost of maintaining PCI compliance
No longer are IT resources expending time performing manual audits for PCI non-compliant storage on a system by system basis. Card Recon Enterprise Edition provides centralised control to initiate scans for stored payment card data combined with consolidated reporting in a single view. This results in less time required to prepare for or maintain PCI compliance whilst streamlining the PCI onsite review process.
All hosts across an organisation can be enabled for auditing manual installation practices being used. Card Recon Enterprise Edition Nodes support the use of standard remote software deployment techniques
Once nodes are deployed the Card Recon Control Centre an Administrative user has complete control to initiate scans of individual hosts or on a grouped basis.
Offers the ability to generate a master compliance report quickly and effectively once all non-compliant findings have been resolved. This enables organisations to report on storage compliance in a simple and consolidated way.
Automated PCI compliance monitoring of all desktop and server storage on a 24/7 basis
All organisations that store, transmit or process payment card data are required to ensure they continually maintain and meet their PCI compliance obligations. To assist organisations achieve this requirement, Card Recon Enterprise Edition provides scheduled scanning capabilities to ensure systems within the organisation are continually monitored for non-compliant card storage.
Where individual hosts are suspected of non-compliant card storage, Card Recon Enterprise Edition provides Administrative users the ability to initiate one-off or recurring scans of a single host to ensure ongoing compliance.
Offers the ability to initiate scans across groups of hosts both large and small at any time interval.
Automated generation of reports
Upon completion of a scan, reports can be automatically generated and stored for later review by internal staff responsible for compliance of systems. Additionally these reports may be supplied to PCI QSA's for validation of compliance as part of an onsite review, thereby reducing the costs associated with ongoing PCI DSS compliance.
Features and Benefits
Faster verification of PCI compliance across all card data storage locations within your organisation
Card Recon Enterprise Edition provides a centralised approach to identify and report on any instances of PCI non-compliant storage. This enables an organisation to maintain continuous visibility of storage compliance across any system that form part of PCI compliance scope. The Card Recon Enterprise Console enables administrators to initiate host scans to identify instances of Card Holder Data storage using different views including:
Displays a master level summary of all compliant and non-compliant hosts across an organisation
Provides a detailed view of an individual host to identify specific areas of non-compliance and remediate as appropriate
Prevent non-compliant storage practices from reoccurring
Whilst policies and procedures exist to help prevent non-compliant storage from occurring, users continue to represent a dynamic and unpredictable threat to an organisations ongoing PCI compliance. Card Recon Enterprise Edition mitigates this risk through the ability to highlight any breaches of policies enforcing safe handling and storage of sensitive customer payment data in a centralised manner.
Real-time view of compliance
When using the recurring schedule features of Card Recon Enterprise Edition, organisations are provided with an up-to-date view of their compliance posture in relation to storage of sensitive payment card information.
Full audit history of past scans available
Further support for organisations complying with PCI DSS, Card Recon Enterprise Edition maintains a history of audits performed for all systems. These reports can be used as evidence to confirm regular audits are taking place within an organisation. This feature can also reduce the efforts required of a PCI QSA to verify compliant storage practices are being maintained.
Card Recon is an advanced PCI compliance software tool used to perform cardholder data discovery on desktops and servers.
Card Recon will accurately scan a file system to identify non-compliant storage of payment card numbers issued by major
card schemes including American Express, Diners Club, Discover, JCB, MasterCard and Visa. When a scan is complete Card
Recon provides a simple and easy to read report in a variety of common formats for compliance record keeping or evidence
during a PCI onsite review.
With active deployments in over 44 countries, Card Recon is an industry leading solution that is recognized by PCI Qualified
Security Assessors (QSAs) as a reliable and effective way to establish assurance of compliant cardholder data (CHD) storage
Unrivalled payment card detection capabilities
Card Recon implements intelligent pattern matching algorithms to interpret and verify findings within a wide variety of data
types to achieve the highest data match rate available whilst eliminating more than 99% of false positives.
Simple and easy to use
Card Recon does not require any configuration or setup prior to standard use. Simply run Card Recon on any system for fast
and accurate results.
Detailed reporting facilities
Card Recon offers compliance reporting to enables organizations an ability to retain evidence of compliant storage practices.
Reporting formats include PDF, XML, CSV and Text.
Exclusively designed for PCI Compliance
Card Recon was developed in co-operation with PCI Qualified Security Assessors (QSAs) globally to ensure Card Recon
provides the required levels of accuracy for merchants and service providers when complying with PCI security standards
including PCI DSS and PCI PA-DSS.
Features and Benefits
Saves time and money
The use of simple pattern matching scripts and manual system reviews to verify storage of Card Holder Data is a time
consuming and costly process that offers low accuracy and little accountability. Card Recon streamlines the process of
identifying stored Card Holder Data by enabling a user to quickly and easily initiate a system scan at the click of a button.
Card Recon can be run by users of any level and requires little or no configuration in order to conduct a scan. This offers the
ability for organizations to empower non-IT staff to perform scans of desktops or departmental service in order to verify card
Card Recon saves it's customers time and money for a number of reasons including:
Card Recon has been designed to provide superior levels of accuracy when scanning for Card Holder Data (CHD).
Organizations and their PCI QSAs trust Card Recon to produce reliable results for many reasons including: