Payment Card Industry - PCI DSS
Our approach helps to ensure that our clients are achieving, validating and maintaining their compliance.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment. The PCI DSS applies to ANY organization, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data.
The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards with a focus on improving payment account security throughout the transaction process. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB). It is important to note that the payment brands and acquirers are responsible for enforcing compliance, not the PCI council.
Due to its complexity and breadth, the PCI DSS poses many and varied challenges to an organization. Achieving and maintaining compliance is not simply a technical issue. The independent validation of PCI compliance can be conducted by Qualified Security Assessors only.
Interactive Security has Qualified Security Assessor (QSA) engineers, who provide PCI DSS onsite reviews. Our QSAs work with our clients to understand their individual compliance requirements.
We provide scheduled penetration testing, quarterly scans and an onsite review. With Interactive Security you get a security partner that wants you to succeed.
PCI Advisory Services
How an organization approaches PCI compliance projects is key. Doing it without expert advice can complicate the project and turn it into an expensive exercise. Interactive Security can assist you in understanding and identifying a pragmatic and cost-beneficial PCI Compliance Roadmap.
- Scope and PCI Compliance Roadmap Implementation
- Current state assessment against PCI DSS
- PCI Compliance Gap Assessments
- Self-Assessment Questionnaire facilitation
- Business Process Reengineering
- Onsite PCI validation
- Report of Compliance
PCI Assurance Services
As a PCI specialist, we are able to provide a number of the PCI-mandated services required by the PCI DSS:
- Quarterly Network Vulnerability Scanning
- Penetration Testing (External and Internal)
- Application Security Assessments
Penetration / application testing should be done at least annually to comply with PCI. It extends the vulnerability assessment by providing tangible evidence of whether the environment can be compromised and to what extent. Examples of tests include:
- Gaining unauthorized access to servers or devices
- Obtaining sensitive information
- Modifying data
- Accessing another customer's information and accounts
- Accessing protected functionality without valid credentials
Interactive Security’s independent PCI solutions support your efforts to evaluate your current readiness for PCI assessments, provide recommendations and findings, and implement strong controls to help you maintain a consistent PCI compliance environment.
Drawing on an in-depth understanding of today's security threat landscape, and backed by extensive experience in the IT security field, Interactive Security is able to provide a security partnership to help you meet not only PCI compliance but also any other data integrity and privacy initiatives.
Interactive Security firmly believes in educating its clients about compliance as an ongoing process. We understand that purchasing approved security products does not ensure compliance. Rather, organizations need to be cognizant not only of how they implement the solution, but of how they "manage and maintain those systems" as well.
Are you wondering about your organization’s PCI Compliance? Contact the Interactive Security team at 267-824-2500 or firstname.lastname@example.org. We can help you understand the specific steps your organization needs to take to get up to date.