Quasar Card Scanning as a Service

Cardholder Data Discovery with Quasar

Confide is the exclusive reseller of Quasar in New Zealand. Quasar is an application that allows customers to scan servers, mailboxes, and databases across their environment to find cardholder data that is not protected.

Once you understand where cardholder data is present in your environment, you can make an informed decision about:

  • What to do with it (protect it or delete it)
  • How it got there in the first place
  • How you can prevent it from happening again.

What really differentiates Quasar though is the team of analysts who review the results. Each set of results is reviewed to minimise the risk of a report filled with false positives (or even worse, giving you assurance with false negatives). Our analysts are trained in recognising and separating real cardholder data which means shorter reports that are easier to act on. 

Quasar has been deployed in organisations of all sizes, and our analysts are trained in various deployment methods. So we can help your team whether you are a team of 2 or a team of 20,000. 

Benefits of Quasar

Reduce the cost and effort of PCI DSS compliance by validating your scope.
Provide clear, tangible evidence to your QSA that you are not storing cards – a great way to show that certain PCI DSS requirements don’t apply to you, and assurance that your QSAs checks won’t turn up anything unexpected.

At the end of the day, there is a saying in PCI DSS – if you don’t need it, don’t store it. That’s because storage of cardholder data, especially if not protected is a significant risk to your environment.

You might have reasons why you need to store certain data for a period of time, but do you have a process to make sure that your cleanup is thorough and effective? Demonstrate you’ve removed that data you no longer need with Quasar.
Identify risky processes that have led to cardholder data being stored. Quasar and our analysts give you enough information to be able to understand the root cause of cardholder data storage. And with that information you can take steps to improve your processes and reduce your risk.
Quasar isn’t going to find vulnerabilities in your software, but we often find that tools have been misconfigured leading to cardholder data being collected. Logging accidentally turned on, files accidentally saved. Identifying these misconfiguration can help reduce your compliance risk.

Cardholder data discovery is a suggested way to help meet Req. 12.5.1 in PCI DSS v4.0. While it’s not the only way, automated tools are a fast way to show that you don’t have any cardholder data stored in the places you were hoping were out of scope.