Netwrix: 6 Essential Rules for PCI DSS Compliance | GBAF | GBAF

Netwrix: 6 Essential Rules for PCI DSS Compliance | GBAF | GBAF

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Top Stories > SIX BEST PRACTICES TO ASSURE PCI COMPLIANCE

SIX BEST PRACTICES TO ASSURE PCI COMPLIANCE

Published by Gbaf News

Posted on July 30, 2014

3 min read

Last updated: January 22, 2026

Illustration of PCI compliance best practices in banking security - Global Banking & Finance Review — This image illustrates key best practices for PCI compliance, emphasizing security measures relevant to banking and finance. It complements the article's focus on safeguarding against data breaches and enhancing change and configuration auditing.

Change and configuration auditing is essential for organisations that need PCI DSS says Netwrix

With recent PCI DSS (Payment Card Industry Data Security Standard) compliance incidents costing companies millions of pounds in fines and losses and inflicting damage to valuable brand reputations, Netwrix is urging organisations processing payment cards to follow six best practices to safeguard against a security incident.

Netwrix points to the recent eBay breach that forced the company to advise 145 million active users to change their passwords to avoid financial information loss, while the breach at US retailer Target resulted in 40 million stolen credit card numbers and compromised the personal information of more than 70 million customers.

To help organisations avoid such data breaches and their consequences, Netwrix recommends six essential rules around change and configuration auditing:

Separate Environments – Minimise your risks by reducing PCI scope within your systems and enforce separation of environments by continuously auditing access and changes to the systems where cardholder data is stored.
Audit Access Control – Ensure that permissions are adequate and access to sensitive data is limited only to people who need it. Change and configuration auditing can help by giving you precise information about the state of access rights and all changes to it, alerting you to critical issues and helping with investigation in the event of unauthorised access.
Audit Provisioning and De-Provisioning of Users – Organisations should establish control over user creations and removals. A comprehensive change and configuration auditing solution will provide daily and on-demand reports as well as real-time alerts on these critical modifications.
Audit of Privileged Users’ Activities – A particular emphasis should be placed on changes made by administrative accounts: changes to user access rights, elevation of privileges, mistakenly changed permissions and other security related events. Daily and on-demand reports and real-time alerts provided by change auditing solutions will help organisations to stay secure.
Document Everything – You never know what part of your system activities or during what period you will be required to demonstrate to the auditor, so keep it all. In addition to a complete audit trail, some of the more advanced change and configuration auditing solutions allow you to record video of user activities on critical systems, along with metadata, and provide search and replay capabilities. A regular review of audit trails may also assist in preventing breaches before they occur.
Monitor and Test – Change and configuration auditing solutions will provide a complete audit trail with detailed information on access and changes with ‘who, what, where, and when’ details, including after and before values for each event. This will simplify root-cause analysis and allow proactive prevention of malicious activities.

“Recent examples show that it is not enough to align your processes and policies with PCI DSS guidance,” said Alex Vovk, President of Netwrix. “You must also establish mechanisms to verify these processes actually work and be able to prove that to all stakeholders: IT management, executives, and auditors. Essentially, change auditing is what makes your compliance efforts provable.”