PCI Security Compliance Services Consulting
As of December 2005, all merchants and service providers who handle credit or debit card information are required to meet a new, common standard for information security, the Payment Card Industry (PCI) Data Security Standard. How you are required to validate your compliance depends on how much business you do by payment card and on whether you have previously suffered a breach of cardholder information.
If you suffer a breach and aren’t in compliance, you could be fined from $50,000 to $500,000 and be required to regularly conduct expensive third-party audits of your information security.
In order to be in compliance with the PCI Data Security Standard you need to satisfy twelve basic requirements in information security, as well as the many details that support those requirements.
Have you reviewed the security of the cardholder information you receive? Have you conducted a self-assessment or hired a qualified third party to assess how well you meet the 12 requirements of the PCI standard? Will you be ready to face the auditors and pay the fines if you suffer a breach of cardholder information?
Proviatek is experienced in helping clients comply with information security regulations, and in providing the information, tools, and services necessary to maintain the security of personal information and to protect their clients from the significant and increasing costs of cardholder information security breaches and their resolution.
What are the 12 Requirements of the PCI Standard?
Each of the 12 requirements has sub-requirements defined in the PCI validation template. For instance, requirement 3 alone has 21 separate issues listed that must be satisfied during an audit or assessment. The twelve requirements are:
Build and Maintain a Secure Network
  1) Install and maintain a firewall configuration
  2) Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
  3) Protect stored cardholder data
  4) Encrypt transmission of cardholder data across public networks
Maintain a Vulnerability Management Program
  5) Use and regularly update anti-virus software
  6) Develop and maintain secure systems and applications
Implement Strong Access Control Measures
  7) Restrict access to data by business need-to-know
  8) Assign a unique ID to each computer user
  9) Restrict physical access to cardholder data
Regularly Monitor and Test Networks
  10) Track and monitor all access to network resources and cardholder data
  11) Regularly test security systems and processes
Maintain an Information Security Policy
  12) Maintain a complete policy that addresses information security
How can Proviatek help?
1) The first step in reaching compliance with PCI security requirements is to perform a detailed assessment of information flows and analysis of risk exposures for all cardholder information.
2) Technological and physical measures can then be taken to reduce those risk exposures, and policies and procedures can be implemented to meet the extensive requirements of the standard audit and to address the risks exposed in the analysis.
3) Once new policies, procedures, and practices are established, workforce training may be conducted to promote the necessary organizational culture of privacy and security.
Proviatek has the experience to assist merchants and service providers in all of these critical tasks. Contact us today for more information or a free preliminary quotation for services.