PCI DSS Compliance

Securing Customer Payment Information

Payment Card Industry (PCI) Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all entities that store, process or transmit cardholder data – with requirements for software developers and manufacturers of applications and devices used in those transactions. The Council is responsible for managing the security standards, while compliance with the PCI set of standards is enforced by the founding members of the Council: American Express, Discover Financial Services, JCB, MasterCard and Visa Inc.

The Payment Card Industry Data Security Standard (PCI DSS) applies to all entities that store, process, and/or transmit cardholder data. It covers the technical and operational system components included in or connected to the cardholder data environment. If you accept or process payment cards, PCI DSS applies to you.

PCI DSS is the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data and/or sensitive authentication data. It consists of steps that mirror security best practices.

Goals and PCI DSS Requirements

Build and Maintain a Secure Network and Systems
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
  5. Protect all systems against malware and regularly update antivirus software or programs
  6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
  7. Restrict access to cardholder data by business need to know
  8. Identify and authenticate access to system components
  9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Maintain an Information Security Policy
  12. Maintain a policy that addresses information security for all personnel

If you are struggling with understanding PCI Compliance or becoming PCI Compliant, you could benefit from an assessment of your PCI processes. Our analysis consists of the following:

  • Contract review
  • Policy and procedure initial drafting and annual update/review
  • Cardholder Data Environment (CDE) drafting and analysis
  • Service Provider Compliance Assessment
  • Responsibility Matrix initial drafting and annual update/review
  • Security evaluation
  • Following the PCI Security Standard Council’s prioritized approach tool
  • Self-Assessment Questionnaire (SAQ) initial drafting and annual update/review
  • Annual PCI Security Awareness Training

After understanding how credit cards are processed by your organization, we’ll walk through the respective PCI SAQs to ensure you are in compliance. We’ll also identify those areas where compensating controls can be put into place and recommend policies and procedures to make your credit card process more secure and seamless.

We can assist with reducing applicable requirements by minimizing the scope of the Cardholder Data Environment (CDE) through process management and network segmentation.

Tangential Benefits of PCI Compliance

  • Provides a baseline for other security regulations
  • Helps you understand your processing fees and identify opportunities to reduce costs
  • Builds trust with customers
  • Avoids costly fines

Certifications: Certified Information Systems Auditor (CISA), Certified Information Technology Professional (CITP) and Certified Common Security Framework Practitioner (CCSFP)

PCI DSS Experience: The requirements that are applicable to different merchants are complicated. Our IT professionals help businesses understand what they need to do to comply. They also investigate how businesses store, process and transmit customer data to ensure compliance. We have helped manufacturers, wholesalers, retailers, service businesses, museums, not-for-profits, social services agencies and schools with meeting their PCI DSS compliance requirements.

If you process credit cards, you have extra levels of responsibility. It’s imperative that you follow PCI DSS, and we can help ensure that you are in compliance. Contact us to learn how we can help.