IT security has always been a major concern for businesses that accept online credit card payments. They hold sensitive information that malicious hackers are after: cardholder data. This is why such businesses are legally obliged to build IT systems and networks that are PCI DSS compliant.

What Is PCI DSS?
PCI DSS is a security standard developed by the PCI Security Standards Council. Designed for businesses that do online transactions and hold customers’ payment records, it helps them build and maintain secure IT systems and networks, ensuring the privacy and security of their customers’ credit-card details and cardholder data.

The set of standards defined in the PCI DSS are the minimum required level of computer systems security that must be in place when processing credit-card data. These standards apply to merchants, processors, financial institutions, service providers, and any other entity that store, process, or transmit credit-card and cardholder information.

Why Businesses Need to Be PCI DSS Compliant
The challenges of building and maintaining a PCI DSS–compliant network are many and depend on several factors—for example, the type of software used, the network setup, and the procedures in place. If organizations that process credit-card payments and store cardholder details fail to build PCI DSS–compliant networks and computer systems, they risk being fined up to $500,000 per month—or even worse, having their trading licence revoked.

This white paper explains how using Parallels Remote Application Server (RAS) can help organizations build scalable PCI DSS–compliant networks and also save on costs and administration overheads.

A2U, an IGEL Platinum Partner, recently experienced a situation where one of its large, regional healthcare clients was hit by a cyberattack. “Essentially, malware entered the client’s network via a computer and began replicating like wildfire,” recalls A2U Vice President of Sales, Robert Hammond.

During the cyberattack, a few hundred of the hospital’s PCs were affected. Among those were 30 endpoints within the finance department that the healthcare organization deemed mission critical due to the volume of daily transactions between patients, insurance companies, and state and county agencies for services rendered. “It was very painful from a business standpoint not to be able to conduct billing and receiving, not to mention payroll,” said Hammond.

Prior to this particular incident, A2U had received demo units of the IGEL UD Pocket, a revolutionary micro thin client that can transform x86-compatible PCs and laptops into IGEL OS-powered desktops.

“We had been having a discussion with this client about re-imaging their PCs, but their primary concern was maintaining the integrity of the data that was already on the hardware,” continued Hammond. “HIPAA and other regulations meant that they needed to preserve the data and keep it secure, and we thought that the IGEL UD Pocket could be the answer to this problem. We didn’t see why it wouldn’t work, but we needed to test our theory.”

When the malware attack hit, that opportunity came sooner, rather than later for A2U. “We plugged the UD Pocket into one of the affected machines and were able to bypass the local hard drive, installing the Linux-based IGEL OS on the system without impacting existing data,” said Hammond. “It was like we had created a ‘Linux bubble’ that protected the machine, yet created an environment that allowed end users to quickly return to productivity.”

Working with the hospital’s IT team, it only took a few hours for A2U to get the entire finance department back online. “They were able to start billing the very next day,” added Hammond.