VISA CISP, Payment Card Industry Data Security Standard, OATS, Sarbanes Oxley, FFIEC Compliance for authenticated transaction time, legally traceable time for Financial Services

Aerospace and Defense

Digital Broadcast

Financial Services

Government and Civilian Agencies

Healthcare

Homeland Security

Public Safety

Telecommunications

Transportation

Manufacturing

Documents

	Read Verus Card Services Case Study (pdf) Learn how time synchronization supports real-time trading (pdf) Visa CISP Payment Card Industry Security Standard Data Sheet Payment Card Industry: Security Audit Procedures

Select Customers

	Merrill Lynch Deutsche Bank JP Morgan Chase Ebocom, LLC Network 1 Financial Federal Farm Credit Banks Citibank National Australia Bank Federal Reserve Bank PFF Bank & Trust Laredo National Bank Federal Home Loan Bank Citicorp Finance LTD Chicago Stock Exchange E*Trade Group Brokerage America Two Sigma Investments Bay Federal Credit Union AIM Investments Banco General Moody's Investment Services Track Data Corporation

Links

	How to keep time with your servers Synchronized time is needed to authenticate credit card transactions

In today’s high-performance computing world, transactions happen instantaneously.

Whether it’s a simple securities exchange, algorithmic trading, or a cloud-computing applications, events happen in real-time over wide areas. The networks that work behind the scenes have to be able to handle these real-time transactions and remain compliant with the ever increasing regulations that they are governed by.

Applications are requiring microsecond timing and synchronization accuracies between clocks that are distributed among different data centers all over the world. These requirements extend to several other industries such as power and utilities, transportation and e-commerce.

Many of these industries are regulated by laws, acts, standards and best practices such as Sarbanes Oxley, Payment Card Industry Data Security Standard (VISA CISP and others), OATS, FFIEC and Gramm-Leach Bliley, mandate that data and records be secure and accurate. Auditing systems need to varify that the time a transaction was made is accurate and authentic. By providing accurate time-stamps and audit trail support, greater regulatory compliance can be gained.

Examples of Time Synchronization Standards and Best Practices in Financial Services

Payment Card Industry Data Security Standard - 10.4 Synchronize All Critical System Clocks & Time:

NTP is used for time synchronization.Two or three central time servers within the organization receive external time signals (directly from GPS satellites - based on International Atomic Time and UTC (formerly GMT)), peer with each other to keep accurate time, and share the time with other internal servers (i.e., internal servers should not be all be receiving time signals from external sources).

NTP is running the most recent version.

Specific external hosts are designated from which the time servers will accept NTP time updates (to prevent an attacker from changing the clock). Updates can be encrypted with a symmetric key, and access control lists can be created that specify the IP addresses of client machines that will be provided with the NTP service (to prevent unauthorized use of internal time servers).

FINRA OATS - Rule 7430 - Clock Synchronization:

Requires member firms that record order, transaction, or related data required by the By-Laws or other rules of NASD to synchronize all business clocks, including both computer system clocks and mechanical time stamping devices, that are used to record the date and time of any market event. In addition, the rule requires that member firms maintain the synchronization of such business clocks.

All computer system clocks and mechanical time stamping devices must be synchronized to within three seconds of the National Institute of Standards and Technology (NIST) atomic clock.

The ability to synchronize time improves the functionality of these networks. By utilizing a GPS enabled NTP Time Server, an organization can guarantee that the time across their network is secure, accurate and reliable. Applications requiring higher accuracy can leverage their network by implementing Precision Time Protocol (PTP).

When all the devices in a network are synchronized, all transactions that take place are able to provide an accurate, authenticated time source. For this very reason, Spectracom is able to provide Legally Traceable Time® that is official UTC, Coordinated Universal Time. When a transaction happens, that event can be traced back with the ability to precisely and legally prove its documented history.

Security is also increased, as with the use of such a time server, it resides behind the firewall so there is no need to open any additional ports and seek time from on an unreliable source over the internet.

Products for Financial Services

NetClock® Time Server & Master Clock

The latest generation of the industry-leading NetClock offers 2 base models (9383 and 9389) and numerous options that range from a high-performance GPS stratum-1 NTP server, to a variety of time and frequency functions.

NetClock Time Server & Master Clock Details

Bus-Level Timing

Computer slot cards and boards for various instrument and other interfaces are available with software drivers for easy integration. A PCI express model support precision time protocol (PTP/IEEE-1588).

Bus-Level Timing Product Details

Partner Login

Financial Services & High Performance Computing

Documents

Select Customers

Links

In today’s high-performance computing world, transactions happen instantaneously.

Products for Financial Services

NetClock® Time Server & Master Clock

Bus-Level Timing