The strict requirements imposed by the PCI DSS have put pressure on many companies to get their act together and ensure that their systems are secure and that cardholder data that they (or their clients) may handle is well protected from hackers and other identity thieves. Quipu Processing’s main customers are members of the ProCredit group, an expanding network of banks dedicated to serving micro, small and medium-sized enterprises and low-income households. There are 20 ProCredit Banks operating successfully in as many different countries in Africa, Latin America and Eastern Europe, and the vast majority are running the banking software developed by Quipu.
Quipu also runs a number of regional offices, and its growing customer base requires that account holders be able to use their cards at any time of day, every day of the year, not only on their terminals but also on those operated by other banks.
With credit card fraud on the rise, professional companies like Quipu Processing cannot afford to let their guard down and risk data disclosure to third parties. Conscious of the risks and aware of the consequences, Quipu’s IT department needed a solution that would help them monitor activity on their network and produce the reports that auditors require to confirm that Quipu is compliant with the PCI standard.
“As a card-processing company we have been fully aware of the PCI DSS requirements and the need to maintain compliancy with these standards. And this is something that we have been working very hard on for many months,” Mark-Oliver Horst, chief technical officer at Quipu GmbH, explained.
“We had two main technology/compliance issues facing our company – data encryption and key management on one hand, and event monitoring, filtering and notification on the other,” Mr. Horst added.
The network-wide collection and analysis of event logs can prove to be a major headache for administrators who have to manage multiple servers, often in different locations within the same building or in different geographical locations. It is physically impossible to monitor each server individually, and with thousands of events occurring every day it is extremely difficult to sift through and analyze all of them for the events that really matter to the administrator, irrespective of whether the data is required for normal administrative purposes or to meet strict compliance requirements. This was the major challenge facing Quipu over the past six months.