Secure Customer Payment Information
Do you accept or process credit cards? Or do you develop software that deals with card data? Then, PCI DSS applies to you.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements that applies to any organization that accepts, processes, stores, or transmits payment card data.
The requirements mirror established security best practices, and they cover every system component that stores, processes, or transmits cardholder data, or that is connected to or could affect the security of the cardholder data environment (CDE). Related standards from the same council also cover developers of payment applications and manufacturers of the devices used to process card transactions.
In this short video, our SOC reporting team breaks down the 6 goals and 12 requirements of PCI DSS:
| Goals | PCI DSS Requirements |
|---|---|
| Build and Maintain a Secure Network and Systems | 1. Install and maintain a firewall configuration to protect cardholder data |
| | 2. Do not use vendor-supplied defaults for system passwords and other security parameters |
| Protect Cardholder Data | 3. Protect stored cardholder data |
| | 4. Encrypt transmission of cardholder data across open, public networks |
| Maintain a Vulnerability Management Program | 5. Protect all systems against malware and regularly update antivirus software or programs |
| | 6. Develop and maintain secure systems and applications |
| Implement Strong Access Control Measures | 7. Restrict access to cardholder data by business need to know |
| | 8. Identify and authenticate access to system components |
| | 9. Restrict physical access to cardholder data |
| Regularly Monitor and Test Networks | 10. Track and monitor all access to network resources and cardholder data |
| | 11. Regularly test security systems and processes |
| Maintain an Information Security Policy | 12. Maintain a policy that addresses information security for all personnel |
Knowing which requirements apply to you – not to mention how you can meet them – can be complicated. Our IT professionals can help you understand what you need to do to comply, and help you get there.
Interested in becoming PCI-compliant?
We can walk you through a PCI process assessment, which includes:
- Contract review
- Policy and procedure initial drafting followed by annual updates
- Cardholder Data Environment (CDE) drafting and analysis
- Service Provider Compliance Assessment
- Responsibility Matrix initial drafting followed by annual updates
- Security evaluation
- PCI Security Standards Council's Prioritized Approach tool
- Self-Assessment Questionnaire (SAQ)
- Annual PCI Security Awareness Training
Once we understand how your organization handles card data, we'll walk through the PCI SAQ that fits your situation so you'll know where you stand on compliance. We'll also identify where controls need to be put in place and recommend policies and procedures to make your card-handling process more secure and seamless.
Our team’s got the experience you need, backed by credentials you can trust:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified Information Technology Professional (CITP)
- HITRUST Certified Common Security Framework Practitioner (HITRUST CCSFP)
Learn how we can help you follow PCI DSS and ensure you’re in compliance.
Get more done in less time – combine PCI DSS with SOC reporting
If you need PCI compliance, you'll often need a SOC 2 report too. Doing them in tandem can save time, money, and other resources. In this podcast, Barnes Dennig SOC reporting practice leader Robert Ramsay and Pondurance managing consultant Brett Bane explain how.