PCI DSS Assistance | Contract Review | OH | KY | IN

Secure Customer Payment Information

Do you accept or process credit cards? Or do you develop software that deals with card data? Then, PCI DSS applies to you.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that apply to any company that accepts, processes, stores, or transmits credit card information.

The standards mirror security best practices and apply to all technical and operational system components related to cardholder data. They even apply to software developers and to manufacturers of the applications and devices used to process credit card transactions.

In this short video, our SOC reporting team breaks down the 6 goals of PCI compliance:


Goals and PCI DSS Requirements

Build and Maintain a Secure Network and Systems
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
  5. Protect all systems against malware and regularly update antivirus software or programs
  6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
  7. Restrict access to cardholder data by business need to know
  8. Identify and authenticate access to system components
  9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Maintain an Information Security Policy
  12. Maintain a policy that addresses information security for all personnel

Knowing which requirements apply to you – not to mention how you can meet them – can be complicated. Our IT professionals can help you understand what you need to do to comply, and help you get there.

Interested in becoming PCI-compliant?

We can walk you through a PCI process assessment, which includes:

  • Contract review
  • Policy and procedure initial drafting followed by annual updates
  • Cardholder Data Environment (CDE) drafting and analysis
  • Service Provider Compliance Assessment
  • Responsibility Matrix initial drafting followed by annual updates
  • Security evaluation
  • PCI Security Standard Council’s prioritized approach tool
  • Self-Assessment Questionnaire (SAQ)
  • Annual PCI Security Awareness Training

Once we understand how your organization processes credit cards, we’ll walk through the right PCI SAQ for your situation so you’ll know if you’re in compliance. We’ll also identify areas where controls can be put into place and recommend policies and procedures to make your credit card process more secure and seamless.

Our team’s got the experience you need, backed by credentials you can trust.

Learn how we can help you follow PCI DSS and ensure you’re in compliance.

Get more done in less time – combine PCI DSS with SOC reporting

If you need PCI compliance, you’ll often need a SOC 2 report too. Doing them in tandem can save time, money, and other resources. In this podcast, Barnes Dennig SOC reporting practice leader Robert Ramsay and Pondurance managing consultant Brett Bane explain how:


Barnes Dennig is a 2019-2022 Best of Accounting Firm
IPA Top 200 Firms

We have always had a very good working relationship and I value your expertise.

— Barnes Dennig Client, 2022

Working with Robert. They have become trusted advisors and partners. You have long-term employees and we have been able to build a trusted relationship. Many companies switch out the employees or have high turnover, so year after year, you feel as if you are starting over.

We couldn't be happier with the service we receive, and particularly with the knowledge base that our Barnes Dennig team brings to helping us address new topics and issues as they arise.

— Lynda G., Director of Finance
