Oracle Information InDepth



Stay Connected

Database Security

Oracle on Twitter Oracle on Facebook Oracle Blog

Identity Management

Oracle on Twitter Oracle on Facebook Oracle Blog 

April 2014

Subscribe Subscribe Forward Forward

Back to the main page

Payment Card Security: Are You Ready?

Many organizations are still struggling to comply with the Payment Card Industry Data Security Standard (PCI DSS)—especially since version 3.0 requires compliance by the conclusion of 2014.

And the stakes are high. Direct losses due to fraud reached an estimated US$11 billion in 2012. And that is just the beginning. Breaches can result in anything from regulatory fines to lasting damage to an organization’s brand.

So far, compliance with PCI DSS version 3.0 has not proven easy. In its 2014 PCI compliance report, Verizon found that 89 percent of organizations did not demonstrate compliance on their first round of assessments.

Address Six PCI Requirements with Oracle Security Solutions
Oracle's unique security-inside-out approach dramatically simplifies compliance with 6 of the 12 requirements of PCI DSS version 3.0, including

  • No. 2. Remove vendor defaults for passwords and security configurations
  • No. 3. Protect stored cardholder data
  • No. 6. Develop and maintain secure systems and applications
  • No. 7. Restrict access to cardholder data by business need to know
  • No. 8. Identify and authenticate access to system components
  • No. 10. Track and monitor access to network resources and cardholder data

A new white paper, “Sustainable Compliance for the Payment Card Industry Data Security Standard,” maps each of the PCI DSS requirements to specific Oracle security solutions and functionality.

Database Security Plus Identity Management
Oracle's security-inside-out approach is especially relevant since PCI DSS version 3.0 requires securing data within the database as well as strict controls on user access.

For example, Oracle Advanced Security provides preventive security controls that include redacting sensitive data from applications and encrypting data at rest on disk and backup media. At the same time, Oracle Database Vault enables organizations to assert control over privileged database users.

The identity management requirements of PCI DSS are perhaps more difficult to implement, manage, and maintain. But Oracle Identity Management products, including Oracle Access Management Suite and Oracle Identity Governance Suite, provide a fully integrated, centrally managed, and automated solution.

For more details about how Oracle security solutions address the recent PCI DSS version 3.0 requirements, read the white paper “Sustainable Compliance for the Payment Card Industry Data Security Standard.”

Back to Top

Please send questions or comments to

This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor is it subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

  Hardware and Software, Engineered to Work Together Contact Us | Legal Notices and Terms of Use | Privacy Statement
Oracle Corporation


Oracle Corporation - Worldwide Headquarters, 500 Oracle Parkway, OPL - E-mail Services, Redwood Shores, CA 94065, United States

Your privacy is important to us. You can login to your account to update your e-mail subscriptions or you can opt-out of all Oracle Marketing e-mails at any time.

Please note that opting-out of Marketing communications does not affect your receipt of important business communications related to your current relationship with Oracle such as Security Updates, Event Registration notices, Account Management and Support/Service communications.