Payment Card Industry Data Security Standard – PCI DSS
Ensure your compliance with PCI-DSS. We use up-to-the-minute assessment and auditing frameworks to assess your compliance status.
PCI DSS Auditing Overview
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.
The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually, either by an external Qualified Security Assessor (QSA) that creates a Report on Compliance (ROC) for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.
PCI DSS Compliance
The Payment Card Industry Security Standards Council was originally formed by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International on September 7, 2006, with the goal of managing the ongoing evolution of the Payment Card Industry
Data Security Standard. The council itself claims to be independent of the various card vendors that make up the council.
The PCI Council formed a body of security standards known as the Payment Card Industry Data Security Standard (PCI DSS), and these standards consist of twelve significant requirements including multiple sub-requirements which contain numerous directives against which businesses may measure their own payment card security policies, procedures and guidelines. By complying with qualified assessments (see QSA) of these standards, businesses can become accepted by the PCI Standards Council as compliant with the twelve requirements, and thus receive a compliance certification and a listing on the PCI Standards Council website. Compliance efforts and acceptance must be completed on a periodic basis.
PCI DSS Compliance And Qualified Security Assessor (QSA)
ITSecurity.Org can help you understand your obligations and can help you minimize the scope of compliance.
Understanding how credit cards are Processed, Transmitted and Stored and then controlling that environment is key to a successful PCI DSS Compliance project. We can help you develop appropriate controls, including essential Policies, Procedures and Manuals, design a network that limits scope and meets essential security obligations, or even help you get your cards stored offsite with an integrated vault solution (where cards are exchanged for tokens).
If you need to achieve Level 1 or 2 compliance, we can introduce you to a trusted Qualified Security Assessor (QSA) for a formal Audit process.