What is PCI DSS?
PCI DSS is the Payment Card Industry Data Security Standard, a worldwide standard set up to help businesses process card payments securely and reduce card fraud. It does this through tight controls surrounding the storage, transmission and processing of the cardholder data that businesses handle. PCI DSS is intended to protect sensitive cardholder data.
There are 12 high-level requirements, which fall into the six categories below:
Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect Cardholder Data
3. Protect stored data (use encryption)
4. Encrypt transmission of cardholder data and sensitive information across public networks
Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
Implement Strong Access Control Measures
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an Information Security Policy
12. Maintain a policy that addresses Information Security
How we can help
As an experienced company, NESECO strives to deliver the best service possible to our clients through our specialised, practical, well-supported and comprehensive set of PCI DSS compliance services. Our PCI DSS services are delivered by a PCI-experienced, focussed and highly skilled team of consultants who have worked with many of the acquiring banks, payment service providers, application providers, hosting providers and merchants since the inception of the PCI security standards. Our experience in the PCI arena has enabled us to develop a successful methodology for helping our clients to manage their risk and achieve PCI DSS compliance.
We aim to build a lasting relationship with our clients and our services and attitude reflect this approach.
Our main services include:
Pre-Compliance/Gap Analysis - an onsite review and gap-analysis providing a structured framework and guidance to establish a baseline level of compliance and to address areas of non-compliance. This essential service forms the basis of a successful compliance program.
Network Vulnerability Scans - identify and prioritise network vulnerabilities, ensuring up-to-date protection from the latest threats and meeting annual PCI DSS compliance requirements.
Penetration Testing - penetration test services (both internal and external) provide a comprehensive and thorough analysis of a network's and application's security and thus offer protection against potential compromise. Any issues identified are always explained thoroughly in easy-to-absorb language, and remediation advice is provided.
Onsite Assessments - PCI DSS Compliance for Level 1 and 2 merchants, Payment Service Providers and Hosting Providers requires an annual onsite assessment. A structured methodology ensures that this process is as straightforward as possible.
Consultancy - assistance with information security policies and procedures; secure network architecture design; gap analysis and remediation guidance.
Remediation Services - ensure that all deviations from the PCI DSS requirements are either remediated or mitigated through compensating controls.