Granting secure, PCI compliant remote access to network devices for authorized employees and service providers

Network security image

Legacy equipment, like DVRs and ATGs, often exposes an attack vector to the digital estate of the store, so how do you provide secure remote access to these and other network-connected devices for authorized employees, third-party service providers and business partners?

Standards for PCI compliance included Verifone’s MNSP program?

Let’s start with what the PCI Security Standards Council requires. According to PCI DSS 12.3.8 and 12.3.9, remote access for vendors and business partners should only be provided when needed and should disconnect after a period of inactivity. The specific requirements read as follows:

PCI DSS 12.3.8 Automatic disconnect of sessions for remote-access technologies after a specific period of inactivity

PCI DSS 12.3.9 Activation of remote-access technologies for vendors and business partners only when needed by vendors and business partners, with immediate deactivation after use

SOURCE: PCI Security Standards Council

How to securely enable remote access

With the right solution, all devices (including cameras, DVRs, ATGs and other legacy equipment) in the store’s digital estate can be fully locked down while also being securely, remotely accessible by employees and authorized vendors and business partners.

With Acumera’s AcuLink™ service, available in the AcuVigil™ Dashboard, remote access is achieved through authenticated, logged and secured ephemeral connections that automatically disconnect — rather than persistent connections that can open up your network to attacks. With AcuLink remote access, stores get:

  • Simple one-click activation of remote sessions from Acumera’s PCI DSS-compliant AcuVigil Dashboard
  • Automatic disconnection of remote sessions after a period of inactivity
  • Compliance with PCI DSS remote access requirements 12.3.8 and 12.3.9
  • Compliant remote access to legacy devices like DVRs and ATGs which are not PCI compliant but are important to store operations

Secure remote access is a functionality that is typically provided by a Managed Network Service Provider (MNSP). A good MNSP is important for the security of your network but can also provide other services for increased uptime, profitability and data intelligence.

What to look for when selecting an MNSP

When selecting an MNSP, you’ll want to choose one that is fully PCI compliant and can provide you with an Attestation of Compliance (AOC). Other considerations are whether they are listed on the Mastercard and Visa PCI compliant service provider registries, are a certified MNSP with Verifone or Gilbarco, and if they provide reliable, 24x7x365 network support.

Keeping your network secure is crucial to keeping payments flowing, avoiding data breaches, and maintaining compliance. Other considerations include tools, equipment and services like:

  • A cloud-based dashboard for visibility of all connected devices to ensure they are functional and secure
  • Apps and tools for PCI compliance, management, analytics, fuel monitoring, loyalty programs, and more
  • A flexible WiFi solution that can be positioned anywhere in the store
  • WAN failover enabled for automatic backup network connectivity for maximum uptime
  • Cellular failover, including a modem, data plan and flexible carrier options
  • VPN connection setup for secure headquarters access to crucial business data at distributed locations

For more guidance, you can refer to our “How to select a Verifone certified Managed Network Service Provider (MNSP) and prepare for outdoor EMV” blog post and the associated “Choosing an MNSP and Preparing for Outdoor EMV” infographic.

The next steps to ensuring secure remote access

Contact Acumera at 512.687.7410 or to learn more about secure remote access and our complete, all-in-one solution that provides visibility, increased uptime and proactive 24x7x365 network support.

You may also like these