• No results found

FREQUENTLY ASKED QUESTIONS

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "FREQUENTLY ASKED QUESTIONS"

Copied!
5
0
0

Loading.... (view fulltext now)

Download now ( 5 Page )

Full text

(1)

7650WCOURTNEY CAMPBELL CAUSEWAY,SUITE 950 TAMPA,FLORIDA 33607 ULTRAMATICS.COM

813.891-0300

F

REQUENTLY

A

SKED

Q

UESTIONS

Questions:

Business ... 2

 

What does it take to deploy PCI-G from the standpoint of PS and effort? ... 2

 

Functional ... 2

 

Can PCI Guardian work with other Tokenization vendors, if so how? ... 2

 

Can the solution integrate with LDAP for processing? ... 2

 

Can PCI Guardian be used as Payment Gateway? ... 2

 

How do banks access PCI-G? ... 3

 

Can customer support agents drill down on the dashboards to get the Credit Card Info? ... 3

 

Delivery ... 3

 

How long does an implementation take? ... 3

 

Deal-making ... 4

 

What components comprise a software license for PCI-G? ... 4

 

How much is a typical deal (software and services)? ... 4

 

What is the typical IBM portion of the deal? ... 4

 

Competition ... 5

 

(2)

7650WCOURTNEY CAMPBELL CAUSEWAY,SUITE 950 TAMPA,FLORIDA 33607 ULTRAMATICS.COM

813.891-0300

BUSINESS

What does it take to deploy PCI-G from the standpoint of PS and

effort?

While it differs depending on the customer requirements, a deployment will typically be between 3-6 months to get to production. There are packaged service offerings for PCI Guardian to help give focus to customers and the sales process. Please see the “Services One Sheet” supporting the offering.

Factors that typically drive PS include some of the following: number of integrated applications, multi-data center approaches, required customizations vs. out-of-the-box functions, and additional security requirements.

F

UNCTIONAL

Can PCI Guardian work with other Tokenization vendors, if so

how?

Yes it can. PCI Guardian has a robust stateless tokenization solution that provides all of the known capabilities that a customer may desire. This includes more than just tokenizing Credit Card information. A core tenant of the architecture is that of a Service Oriented Architecture (SOA). As such, PCI Guardian is fully flexible to use other tokenization and encryption solutions if they leverage restful or WSDL-based services. By example, it has been integrated with TokenEx.

Lastly, because of the SOA nature of PCI Guardian, any external tokenization vendors can leverage PCI Guardian’s error recovery capabilities as well.

Can the solution integrate with LDAP for processing?

Yes. Because PCI Guardian leverages DataPower, it can be configured for LDAP.

Can PCI Guardian be used as Payment Gateway?

PCI Guardian can call out to Payment Gateways through its secure workflow functions. For instance, the software integrates to Litle (now Vantiv) or other Payment Gateways leveraging standards-based, secure, and robust integration. By itself, PCI Guardian does not provide a

(3)

Page 3 of 5

payment gateway. It seamlessly integrates to one including bring interactions into the unified auditing subsystem of the product.

How do banks access PCI-G?

Interactions to banks can be managed through PCI Guardian’s secure workflows. This allows the software to manage who has access to what data and when. Because of its significant integration capabilities, there is a lot of flexibility in these interactions. Yet, a key principle is that all such interactions are fully managed and audited as a secure workflow capability (not ad hoc insecure PCI data retrieval).

Can customer support agents drill down on the dashboards to get

the Credit Card Info?

Currently dashboard functions do not expose credit card numbers to the out-of-the-box dashboard on purpose: keeping sensitive data squarely in the PCI Zone. Though, such information can be shared using the secure workflow functions. As part of the deployment engagement, such requirements may be explored carefully so not to increase insecure data exposure and integrated with whatever digital surface required. Additionally, flexibility to display only portions of a credit card number (such as the last 4 digits) could be exposed instead of the entire number set.

D

ELIVERY

How long does an implementation take?

(4)

Page 4 of 5

DEAL

-

MAKING

What components comprise a software license for PCI-G?

1. Gateway – secure-zone protected set of integration services. This is the IBM XI52. This is a mandatory new license component for PCI-G.

2. Recovery – secure-zone protected recovery service for transaction failures. This is the IBM XC10 technology or other compatible technologies. This is a mandatory new license component for PCI-G.

3. Tokenenization – data tokenization capabilities as part of the secure-zone architecture. This is the Voltage Tokenization Server or other compatible technologies. This is a mandatory new license component for PCI-G.

4. Workflows – secure workflows supporting security patterns. This is an Ultramatics component of PCI-G. This is a mandatory new license component for PCI-G.

5. PMC – PCI-G Management Console for reports, dashboards, and admin functions. This is a mandatory new license component for PCI-G.

6. Messaging – Messaging queuing services for secure-architected interactions amongst PCI-G components. This is a mandatory new or bring-your-own-license component for PCI-G.

7. Database – Database persistence for the PMC. This is a mandatory new or bring-your-own-license component for PCI-G.

How much is a typical deal (software and services)?

The typical deal is $750-900K, including all software (IBM, Voltage, and Ultramatics) and services (Ultramatics).

What is the typical IBM portion of the deal?

IBM DataPower typically makes up $250-400K of the package. Keep in mind that this solution must run on dedicated DataPower appliances, so these are new sales.

(5)

Page 5 of 5

C

OMPETITION

Doesn’t PCI Guardian compete with other IBM Security Products?

PCI Guardian is complimentary to IBM’s portfolio of security capabilities. PCI Guardian capabilities are tailored for transactional application messages and data privacy. The use cases feature an appliance-centric approach, an error handling subsystem, administration and web-based auditing capability, and more. These capabilities in whole are not found in the IBM portfolio. The value-added software of PCI Guardian brings it together.

There are future roadmap possibilities that even further bring customer value. For instance, IBM Guardium’s data masking capabilities may be an option for some use cases instead of tokenization. Additionally, PCI Guardian may be able to correlate real-time information together with the proactive network alerting together with QRadar’s threat detection rules. Built on an SOA platform with clear interfaces to subsystem components for exception management and eventing, PCI Guardian can smoothly interoperate with additional technologies. These include additional IBM products, as required.

For feedback on this document including updated field intelligence or new questions, please contact

References

Download now ( PDF - 5 Page - 510.07 KB )

Related documents

Evenly convex sets, and evenly quasiconvex functions, revisited

In this paper, we review some of the main properties of evenly convex sets and evenly quasiconvex functions, provide further characterizations of evenly convex sets, and present

Searching for Hif1-α interacting proteins in renal cell carcinoma

So there is a need to study the associations between the marker of hypoxia Hif1-α and proteins related to the main pathways which feed RCC: angiogenic [(VEGF, vascular

Rabo Corporate Connect. User s Guide

Answers to the Frequently Asked Questions can be found on the Rabo Corporate Connect support

BS 5228-3

Limitations on working hours for the site, or part of  it, and the restriction of the noisier activities to less sensitive times or days, can be employed as means of limiting the

Comparative laboratory performance characterisation of silicone rubber textured insulators

The research programme of this thesis, that is, investigating the performance of SiR polymeric insulators under different test conditions is diverse; with tasks including

Design, synthesis, and biological evaluation of 6-Substituted Thieno[3,2-d]pyrimidine analogues as dual epidermal growth factor receptor kinase and microtubule inhibitors

In our results with compounds 6f-h there was a high correlation between the in vitro antiproliferative activity against the cancer cell lines and inhibition of tubulin

Frequently Asked Questions about PCI Compliance

A ny business that accepts credit card payments is required to comply with the Payment Card Industry Data Security Standard (PCI DSS), created in 2004 to establish minimum

mc0088 model paper

--- DATA QUALITY SOLUTION PROVIDES AN ENTERPRISE SOLUTION FOR PROFILING CLEANSING , AUGMENTING AND INTEGRATING DATA TO CREATE CONSISTENT , RELAIABLE ---, WITH S AS DATA