

Advance Your PCI Compliance with Reflection Desktop

The Payment Card Industry Data Security Standard is a worldwide standard designed to prevent fraud. Created in 2004 by Visa, MasterCard, American Express, and Discover, it comprises numerous technology and process rules for companies that store, process, or transmit customer account data. Like many requirements, PCI DSS can be challenging for companies with host applications. For starters, it’s constantly changing to keep up with new data breaches. What’s more, most host applications don’t address today’s common security threats, and retrofitting them is costly and laborious.

Reflection Desktop—Data Protection within Reach

More mission-critical applications have been developed for the mainframe than for any other platform, which means that more sensitive customer and business data is stored in these screen-based legacy applications than anywhere else. But what if your existing host applications can’t be modified or updated without going over budget or spending too much time looking for scarce COBOL or RPG programming skills?

Micro Focus® Reflection® Desktop terminal emulation products can help you meet many of the PCI DSS requirements without having to retrofit your existing host applications. In fact, Reflection Desktop builds on the capabilities of previous versions of Reflection Desktop to provide enhanced security and administrative control, making it easier for you to meet PCI DSS requirements even more effectively.

Why Should You Invest in PCI-Compliant Host Software?

These days, it’s essential to fully protect customer data on host systems. In addition to protecting it from external threats, you also need to keep it safe from the growing risk of insider misuse and negligence. After all, data breaches not only hurt your customers, but can mean heavy—even catastrophic—fines for your business. This flyer explains how Reflection Desktop host access software can facilitate compliance with PCI DSS requirements.

Prevent Insider Misuse

More and more data breaches are occurring internally, often by trusted employees. Sometimes these breaches are the result of theft, but other times they occur because of simple negligence. In its 2010 Annual Study: U.S. Cost of a Data Breach, Ponemon Institute found that 41 percent of breaches in the U.S. in 2010 were caused by negligence.

Product Flyer: Reflection Desktop

Reflection Desktop at a Glance

Connectivity: Connect desktop and mobile users to legacy host data banks.

Ease of Use: Make host apps as easy to use as Office apps.

Manageability: Manage host sessions with ease.

Security: Use layers of security to shield data in motion and at rest.


The volume of applications, processes, and devices in use today means that it’s easier for even experienced users to make mistakes. For example, a single misplaced laptop or flash drive containing unprotected customer data can mean disaster for an organization.

Protect Yourself Against Heavy Fines

Although the PCI DSS standard is managed by an industry consortium, governments are beginning to legislate PCI DSS compliance. As a result, organizations often face high fines from the government for losing or exposing customer records.

In fact, according to Ponemon Institute, in 2010 the average cost of a corporate data breach in the U.S. was $7.2 million—and growing. Non-compliance doesn’t just put your company’s reputation at risk; it also puts you at financial risk for lawsuits, insurance claims, cancelled customer accounts, payment card issuer fines, and government fines.

Mask All Forms of Customer Data

The most exciting development in terminal emulation in years is data masking, Reflection Desktop’s patent-pending feature that allows you to hide specific data on live host screens.

Requirement 3 of the PCI DSS standard calls for masking or hiding cardholder data when it’s displayed in a payment system. With Reflection Desktop, you can mask all forms of sensitive customer data, including credit card numbers, customer contact information, social security numbers, national IDs, and account balances. Reflection Desktop even allows organizations to expose or hide sensitive business data based on job function.

What’s more, Reflection Desktop can also redact data in real time, as it is being typed into host sessions, putting yet another barrier in the way of insider fraud and human error.

Prevent Host Access via Unsecured Wireless Networks

PCI DSS Requirement 4.1 calls for using strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks.

Reflection Desktop has long enabled you to protect data in motion on open networks by securing connections via SSL/TLS or SSH encryption. Now, Reflection Desktop allows you to take security a step further by preventing users on unsecured wireless networks from accessing the host. When operating in PCI/DSS mode, you can prevent users from connecting to host systems via less secure protocols or configurations such as a wireless connection.

An unsecured wireless network can offer attackers an easy route to your sensitive business data. With PCI/DSS mode, Reflection Desktop allows you to maintain control over the security of your host systems.

Protect Windows and Office Integration Points

PCI DSS Requirement 4.2 calls for never sending unprotected primary account numbers by end-user messaging technologies, such as Outlook.

Microsoft has built a lot of security into its Windows and Office platforms, but even so, they’re not foolproof. Windows and Office have evolved to include capable, simple-to-use data exchange tools to increase productivity. While these capabilities save time, they also make it possible for an employee to steal sensitive data by copying a social security or credit card number from a host screen, pasting it into a file, or even writing it down.

Reflection Desktop can mask data as it is being typed into host sessions.


With Reflection Desktop, you can block access to mission-critical data at Windows and Office integration points, preventing users from copying and pasting cardholder data from a host screen into another Windows application.

Benefit from a Secure Development Process

PCI DSS Requirement 6.1 calls for companies to protect all system components and software from known vulnerabilities by installing the latest vendor-supplied security patches within one month of release.

We continuously monitor our software products for critical security vulnerabilities. As soon as a security issue is discovered, we fix it in accordance with a secure development lifecycle process and quickly make it available to our maintenance customers. We also document the details in a security knowledgebase article on our website.

All software is subject to security vulnerabilities. Because company networks connect to the Internet, they are open to an increasing variety of attacks. Therefore, it’s crucial that your software partners leverage a secure development lifecycle process to protect software—and your networks—from outside threats.

Control Data Access

PCI DSS Requirement 7 calls for restricting access to cardholder data by business need-to-know.

To comply with this requirement, you need to be able to restrict data access by job function. Even if each of your managers, call-center employees, and customers has a valid business reason to access cardholder data, you might decide to play it safe by limiting full data access to certain roles.

As a product that is focused on meeting the needs of large enterprises, Reflection Desktop now provides powerful administrative tools for customizing the end-user experience—including setting specific data access levels for specific job roles. For example, with Reflection Desktop you could allow employees in critical roles to view only the last four digits of a credit card number, and allow others to view no part of that number.

Audit Your Data Access More Effectively

PCI DSS Requirements 10.2 and 10.2.1 call for implementing automated audit trails to reconstruct and log data access events, including anytime clear text cardholder data is accessed.

Reflection Desktop provides feature-rich tools for .NET and VBA developers to integrate this logging information into existing reporting systems. Reflection Desktop can provide the user ID, machine name, type of access (such as live screen, Clipboard, Office tools, and screen history) and a redacted version of the credit card that was seen by the user. Reflection Desktop interfaces also allow administrators to identify the exact host screen on which a user accessed credit card data.

Protect Your Most Important Assets

Because security breaches and insider fraud are on the rise, organizations must protect their sensitive data more diligently and comply with standards such as PCI DSS. New Reflection Desktop capabilities go a long way toward securing mission-critical data in the enterprise.

Following best practices like those outlined here will help you pass your next PCI DSS audit, protect your valuable data, and maintain something just as priceless: your company’s reputation.

With Reflection Desktop, you can operate in PCI/DSS mode to block data flow over unsecured wireless networks.

With Reflection Desktop, you can give user groups different levels of access to sensitive data.


Micro Focus

UK Headquarters: United Kingdom, +44 (0) 1635 565200

U.S. Headquarters: Seattle, Washington, 206 217 7100, 800 872 2829

Additional contact information and office locations: www.attachmate.com

161-000002-002 | A | 09/15 | © 2015 Micro Focus. All rights reserved. Micro Focus, the Micro Focus logo, and Reflection, among others, are trademarks or registered trademarks of Micro Focus or its subsidiaries or affiliated companies in the United Kingdom, United States and other countries. All other marks are the property of their respective owners.

About Micro Focus

Since 1976, Micro Focus has helped more than 20,000 customers unlock the value of their business logic by creating enabling solutions that bridge the gap from well-established technologies to modern functionality. The two portfolios work to a single, clear vision—to deliver innovative products supported by exceptional customer service. www.microfocus.com

With a simple checkmark, Reflection Desktop logs data access events when it is integrated with an organization’s existing data logging and real-time reporting systems.