Portnox Helps Financial Services Company Meet PCI-DSS Requirements

Namclear is a Namibian clearing house for interbank transactions, electronic fund transfers (EFT), card, check payments, and settlements with the Bank of Namibia. Namclear’s systems are regarded as critical to business function as they clear domestic interbank transactions, making the company a leading Payment System Operator (PSO).

Namclear’s PCI-DSS Compliance Challenges

As a leading financial institution in Namibia, one of the major concerns for Namclear was achieving compliance with Payment Card Industry Data Security Standards (PCI-DSS). Compliance with these standards is essential to Namclear’s business and value proposition to its customers. The company needed a network visibility solution that could identify which machines were out of PCI-DSS compliance, i.e. missing necessary anti-virus software updates, firewalls and security patches.

The ability to carry out such checks manually was quickly ruled out as Namclear is a medium-sized organization managing over 500 endpoints. In addition, as an organization that plays a critical role in the financial sector, Namclear could not risk the chance for outages arising from manual system-wide updates. Finally, Namclear needed a solution that would allow the organization to control its overall security posture and access for external entities and/or unauthorized parties connecting to the network.

Meeting PCI-DSS Requirements with Portnox

Portnox CORE, an agentless, on-premises network access control solution, was able to answer Namclear’s PCI-DSS compliance and networks security challenges. Specifically, Portnox CORE addressed several PCI-DSS requirements such as: firewall configuration to protect cardholder data; regular updates of anti-virus software; development and maintenance of secure systems and applications; restricting access to cardholder data; assignment of unique ID to each employee with computer access; tracking and monitoring access to network resources/cardholder data; and regular tests of security systems and processes.

Portnox CORE was the favored solution not only because it is agentless, meaning that it can be seamlessly integrated and managed on devices without active end user involvement, but because the solution allows for automated patching and remediation of network security threats, as defined in the security policy. In addition, Namclear was impressed with the ease of implementation and integration with existing user repositories and network hardware, as well as the option for a fully independent deployment of the solution. During deployment, Namclear did not experience an impact in operations. Overall, deploying Portnox CORE is a major enabler in Namclear’s efforts to achieve PCI-DSS compliance.

Complete Enterprise Solutions, a local Namibia Portnox certified partner and PCI Internal Security Assessor, completed the scoping and implementation project using locally certified staff, as well as provide ongoing support to Namclear as a trusted security advisor.

“The financial services sector is under increasing scrutiny to obtain full compliance with PCI-DSS standards and to gain visibility into and control over network endpoints. In order to maintain our status as one of the leading clearing houses for interbank trans- actions in all of Africa, and to sustain our valued partnership with the Bank of Namibia, as well as many other of the country’s leading banks, we needed a robust network security solution that could meet these challenges. By deploying Portnox CORE, we were not only able to achieve compliance with several major PCI-DSS standards, but we gained control over which devices and users access our network. The agentless technology and simple deployment made integrating Portnox’s,” said Wimpie Garbers, IT Manager at Namclear.