PCI DSS COMPLIANCE AND CERTIFICATION SERVICES

How to meet the latest payment card industry data security standards

If your business processes card payments, protecting the cardholder data involved should be a high priority. Failure to introduce and maintain appropriate payment security controls can result in significant fines and serious reputational damage for your organization.

However, putting in place the range of controls needed to achieve compliance with the latest version of the Payment Card Industry Data Security Standard (PCI DSS) can place a strain on your organization.

As a leading provider of managed security and assessment services, SMT Group can help your organization to understand and implement the technical and operational controls needed to fulfil PCI requirements.

What is PCI DSS?

The PCI DSS is a minimum set of technical and organizational requirements designed to help businesses protect customers’ cardholder data against fraud through robust payment security.

All organizations that accept or process payment card transactions must validate their PCI DSS compliance annually. Depending on transaction volume and the rules of their acquirer or the payment brands, this takes the form of either a self-assessment questionnaire (SAQ) or an on-site assessment by a Qualified Security Assessor (QSA), covering areas of data security such as data retention, encryption, physical security, authentication and access management.

The standard is maintained by the PCI Security Standards Council, whose founding members are American Express, Discover Financial Services, JCB, MasterCard and Visa Inc. Compliance is enforced by the payment brands, typically through the acquiring banks: organizations deemed to fall short of the required payment security standards, or that are not working towards achieving compliance, are liable to receive a fine.

Who does PCI DSS apply to?

The PCI DSS applies to all organizations that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD), regardless of their size or transaction volume. Examples of these types of organizations include merchants, processors, acquirers, issuers and service providers.

Organizations that outsource payment operations remain responsible for ensuring that all account data handled on their behalf is suitably protected by the contracted third parties. In practice this means agreeing in writing which PCI DSS requirements each party is responsible for and confirming the provider's own compliance status.

PCI DSS COMPLIANCE AND CERTIFICATION SERVICES

SMT Group applies the following standardized PCI certification methodology for all of its clients in year one. The methodology consists of nine steps grouped into three phases:

GAP ANALYSIS (STEPS 1 TO 3):

SMT Group will perform a gap analysis, including the required testing, to inform the client which controls need remediation to achieve PCI DSS compliance. The assessment will include a review of the production cardholder data environment (including vulnerability scanning and penetration testing) and the supporting technical documentation. The assessment process may include interviews with company personnel to determine which PCI DSS requirements are already in place and where remediation is required.

The first phase of the project will involve reviewing and validating the current cardholder data environment, policies and procedures against the PCI DSS. The validation methodology will include:

  • Review of current cardholder environment technology and security features
  • Mapping touch points to the corporate network
  • Examining access points and network components for security shortcomings from a PCI perspective
  • Verification that current documented controls meet the specific PCI DSS requirements
  • Scans and penetration tests to validate that the client has attained an appropriate level of security

REMEDIATION PLAN AND SUPPORT (STEPS 4 & 5):

SMT Group will track all remediation efforts and provide the client with a monthly status report on the remediation steps. During this phase the client is expected to implement the required PCI DSS controls and to keep SMT Group continuously informed of all remediation measures.

CERTIFICATION (STEPS 6 TO 9):

SMT Group will, as required for the project, deploy a PCI audit team of Qualified Security Assessors (QSAs) to carry out the on-site portion of the PCI DSS assessment. After completion of our internal quality assurance procedures, the client will be issued a Report on Compliance (ROC), and the accompanying Attestation of Compliance (AOC) will be submitted to the acquirer or the payment brands as required. Validation requirements depend on the merchant or service provider level, as determined by the acquirer or the payment brands, and are summarized below. Merchants and service providers should contact their acquirer or the payment brands to identify their specific validation and reporting requirements.

More articles by Security Management Technology Group