PCI DSS

Use your handsets and mobile computers safely

The Payment Card Industry Data Security Standard (PCI-DSS) is a global standard designed to reduce credit card fraud and enable companies to transact business securely with their customers. It is not a fixed hardware or software solution in itself. Rather, it is an organizational and IT architecture solution that is customized for each organization's environment. The complexity of complying with the PCI DSS standard has led to a situation where only a limited number of specialist consultancies possess sufficient expertise to manage these compliance programs.

There are twelve mandated requirements which must be in place to satisfy this standard. In addition, specific versions of card reader hardware, firmware and network software must be deployed in order to be PIN compliant.

First Info Sec's PCI-DSS consultants are highly experienced in this field. All have worked across varied vertical markets since the inception of the PCI security standards. The consultants follow the FIS methodology to manage risk while achieving PCI DSS compliance as efficiently as possible. Through a series of informed instructional meetings, process analysis and technical review, the consultants guide the client organization through the compliance steps to ensure that an auditable certification for both PCI DSS and PCI PIN is achieved and maintained.

Working with our partner Trustwave, known for their proven program management process, FIS has developed a winning formula to achieve PCI DSS compliance as quickly and safely as possible. Through this joint expertise we establish best practices going forward and reduce the complexity of the process, while improving our clients' visibility and control over the finished result. Throughout the project, security remains the overriding priority in everything we do.

PCI PIN

PCI 1-2-3

PCI 1-2-3 is an online solution which allows level 2, 3 and 4 merchants to monitor and maintain PCI compliance. Designed for SMB organisations, the online portal provides anytime access to real-time PCI DSS compliance and security details, with the tools needed to understand, analyse and validate PCI compliance.

Consultancy

Assistance with information security policies and procedures; secure network architecture design; gap analysis and remediation guidance.

Remediation

Our remediation service ensures that every deviation from the PCI DSS requirements is either remediated or mitigated through compensating controls. We take a vendor-agnostic approach, advising on both open-source and commercial solutions, and offer practical recommendations and workshop services.

As required by the PCI PIN Security Requirements we will carry out the following:

PCI PIN Onsite Assessment

The onsite assessment will include interviews with key personnel, as well as required testing/sampling as defined by the PCI PIN Security Requirements.

PCI PIN Security Report

The report is produced offsite by the Foregenix consultant and details the findings of the onsite assessment. It is then passed to the Foregenix QA Service.

In addition, our QA Service reviews the content and findings of the report to ensure it is presented to the Card Schemes in its best possible form, making the compliance review process with the Card Schemes as seamless as possible.

PCI DSS is a worldwide standard that was set up to help businesses process card payments securely and reduce card fraud. It does this through tight controls on the storage, transmission and processing of the cardholder data that businesses handle. PCI DSS is intended to protect sensitive cardholder data.

There are 12 high-level requirements, and they fall into the six categories below:

Build and Maintain a Secure Network

1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

3. Protect stored data (use encryption)
4. Encrypt transmission of cardholder data and sensitive information across public networks

Maintain a Vulnerability Management Program

5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes

Maintain an Information Security Policy

12. Maintain a policy that addresses Information Security