PCI DSS

PCI DSS is a multifaceted security standard covering security management, policies, procedures, network architecture, software design and other critical protective measures. It was established by the five major payment card brands (American Express, Discover, JCB, Mastercard and Visa), acting through the PCI Security Standards Council, in response to rising identity theft and payment card fraud. Every merchant or service provider that stores, processes or transmits cardholder data is responsible for safeguarding it, must comply with PCI DSS, and can be held liable for a compromise. Organised criminal groups operate globally, trade stolen card data on dark web markets and are motivated purely by money: to them, data is money, and any organisation that handles it, anywhere, is a target.

Scoping Criteria

PCI DSS Scope

CDE systems (in scope):

  • System component stores, processes, or transmits CHD/SAD, or
  • System component is on the same network segment (for example, in the same subnet or VLAN) as system(s) that store, process, or transmit CHD/SAD.

Connected-to and/or security-impacting systems (in scope):

  • System component is on a different network (or subnet or VLAN), but can connect to or access the CDE (for example, via internal network connectivity).
  • System component can connect to or access the CDE via another system (for example, via connection to a jump server that provides access to the CDE).
  • System component can impact the configuration or security of the CDE, or how CHD/SAD is handled (for example, a web redirection server or name resolution server).
  • System component provides security services to the CDE (for example, network traffic filtering, patch distribution, or authentication management).
  • System component supports PCI DSS requirements, such as time servers and audit log storage servers.
  • System component provides segmentation of the CDE from out-of-scope systems and networks (for example, firewalls configured to block traffic from untrusted networks).

Out-of-scope systems (a component is out of scope only if all of the following hold):

  • System component does NOT store, process, or transmit CHD/SAD.
  • System component is NOT on the same network segment, subnet or VLAN as systems that store, process, or transmit CHD/SAD.
  • System component cannot connect to or access any system in the CDE.
  • System component cannot gain access to the CDE nor impact a security control for the CDE via an in-scope system.
  • System component does not meet any of the criteria described for connected-to or security-impacting systems, per above.

Note that the segmentation controls that keep systems out of scope are themselves in scope: where segmentation is used to reduce scope, PCI DSS requires that it be verified by segmentation penetration testing, and a scope reduction that has not been tested cannot be relied on.
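The criteria above are a decision procedure, and a practitioner usually wants to run it over an asset inventory rather than apply it by hand. The following Python is an added example, not code from the page or from the PCI SSC: it takes a constructed inventory (the Component fields, the subnet plan and every host name are assumptions made for the example), derives the CDE segments from the components that handle CHD/SAD, and then classifies each component into one of the three categories. The "can connect via another system" and "cannot gain access via an in-scope system" criteria are implemented as a reachability search over declared connections, so a workstation that can only reach the CDE through a jump host is pulled into scope while a system that merely talks to an NTP server is not.

```python
"""Apply the PCI DSS scoping criteria to an asset inventory.

Added example; the inventory format and all host names are constructed for
illustration and are not a PCI SSC artifact.
"""
import ipaddress
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Component:
    name: str
    address: str                                 # IP address, used for the same-subnet test
    handles_chd: bool = False                    # stores, processes or transmits CHD/SAD
    reaches: set = field(default_factory=set)    # names of components it can open connections to
    affects_cde: bool = False                    # can change CDE config/security or how CHD is handled (DNS, redirect)
    secures_cde: bool = False                    # provides security services or segmentation (firewall, AuthN, patching)
    supports_pci: bool = False                   # supports a requirement (time server, audit log storage)


CDE = "cde"
CONNECTED = "connected-to/security-impacting"
OUT = "out-of-scope"


def cde_subnets(inventory, subnets):
    """Any subnet that contains a component handling CHD/SAD is a CDE segment."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    chd_addrs = [ipaddress.ip_address(c.address) for c in inventory if c.handles_chd]
    return {n for n in nets if any(a in n for a in chd_addrs)}


def reaches_any(start, targets, by_name):
    """Breadth-first search over declared connections: can `start` reach a target,
    directly or through intermediate systems such as a jump host?"""
    seen, queue = {start.name}, deque(start.reaches)
    while queue:
        n = queue.popleft()
        if n in targets:
            return True
        if n not in seen and n in by_name:
            seen.add(n)
            queue.extend(by_name[n].reaches)
    return False


def classify(inventory, subnets):
    """Return {component name: CDE | CONNECTED | OUT} per the scoping criteria."""
    by_name = {c.name: c for c in inventory}
    cde_nets = cde_subnets(inventory, subnets)
    result = {}
    # CDE systems: handle CHD/SAD, or sit on a segment shared with a system that does.
    for c in inventory:
        addr = ipaddress.ip_address(c.address)
        if c.handles_chd or any(addr in n for n in cde_nets):
            result[c.name] = CDE
    cde_names = set(result)
    # Everything else is connected-to/security-impacting if it can reach the CDE
    # (directly or via another system) or affects, secures or supports it; otherwise out of scope.
    for c in inventory:
        if c.name in result:
            continue
        in_scope = (reaches_any(c, cde_names, by_name)
                    or c.affects_cde or c.secures_cde or c.supports_pci)
        result[c.name] = CONNECTED if in_scope else OUT
    return result


# Constructed subnet plan and inventory (assumptions for the example).
SUBNETS = ["10.10.1.0/24", "10.10.2.0/24", "10.20.0.0/16"]
INVENTORY = [
    Component("pos-db",     "10.10.1.10",  handles_chd=True),
    Component("report-web", "10.10.1.20"),                      # no CHD, but same VLAN as pos-db
    Component("jump-host",  "10.10.2.5",   reaches={"pos-db"}),
    Component("admin-ws",   "10.20.3.7",   reaches={"jump-host"}),  # reaches the CDE only via the jump host
    Component("dns-01",     "10.20.0.53",  affects_cde=True),
    Component("fw-core",    "10.20.0.1",   secures_cde=True),
    Component("ntp-01",     "10.20.0.123", supports_pci=True),
    Component("hr-wiki",    "10.20.5.40",  reaches={"ntp-01"}),  # talks to an in-scope system but cannot reach the CDE through it
]

if __name__ == "__main__":
    for name, scope in sorted(classify(INVENTORY, SUBNETS).items()):
        print(f"{name:12} {scope}")
```

The output of the classifier is a starting point for scope confirmation, not a substitute for it: the `reaches` edges must be taken from verified firewall rules and routing, not from a diagram, and the assessor still confirms the final scope.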

PCI DSS Requirements

PCI DSS is the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data and/or sensitive authentication data. It consists of 12 requirements, grouped under six control objectives, that mirror security best practices. The titles below follow the PCI DSS v3.2.1 wording; v4.0 keeps the same 12 requirements with updated titles.

Build and Maintain a Secure Network and Systems

1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data

3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program

5. Protect all systems against malware and regularly update antivirus software or programs.
6. Develop and maintain secure systems and applications.

Implement Strong Access Control Measures

7. Restrict access to cardholder data by business need to know.
8. Identify and authenticate access to system components.
9. Restrict physical access to cardholder data.

Regularly Monitor and Test Networks

10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.

Maintain an Information Security Policy

12. Maintain a policy that addresses information security for all personnel.

OUR CONSULTING APPROACH

Our consulting approach overview

Our strategy is to work collaboratively with you, leveraging your existing in-house resources and documentation, and providing relevant knowledge, advice, methodology and assistance to the extent required by your management.

We bring together professionals in information security and risk management, privacy, organisational design, business continuity, and legal and compliance management, and use these combined skills to assess and design your PCI DSS compliance controls.

Talk to Us

We believe that communication and trust are the key factors in any security assessment. Please contact us by email or phone to receive detailed documents on our gap assessment and technical methodology.

Call Us

Call us today and talk to one of our experts.

Email Us

Email us your requirements and we will get back to you with detailed documents.
