Payment Card Industry - Data Security Standard (PCI-DSS)

A few ways we help our PCI-DSS Clients ...

  • Attestation of Compliance (AoC)
  • Report on Compliance (RoC)
  • Penetration Test
  • Risk Assessment
  • ASV Vulnerability Scan and Remediation
  • Security Awareness Program
  • Implement and Manage the 12 Requirements (PCI Data Security Standard)
  • Version 4.0 Readiness
  • Continuous Compliance using Automation Processes

  • Click here to contact us today for a no-cost, no-obligation consultation unique to your PCI-DSS compliance environment! Make security the way you do business!

    If you accept credit cards as a form of payment, PCI-DSS is for you! The trend toward becoming a less cash-dependent economy has drawn more businesses into accepting cards as forms of payment for their goods and services. This is a convenience for the customer or clients. It is also an additional compliance requirement for the Merchant accepting this form of payment.
    The Payment Card Industry - Security Standards Council (PCI-SSC) is the governing body which governs the payment card process and secures the nature of card transactions. Generally speaking, there are 12 Requirements which all PCI Merchants are required to manage effectively within their organization in order to maintain the ability to continue offering card transactions as a method of payment.

    The current version of PCI-DSS is v3.2.1. All Merchants whether large (Level 1) or smaller (Levels 2, 3, or 4) must meet the same 12 Requirements known as the PCI Data Security Standard.

    What is Required of you to maintain Compliance ...

  • Build and Maintain a Secure Network and Systems
  • 1. Install and maintain a firewall configuration to protect cardholder data
    2. Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect Cardholder Data
  • 3. Protect stored cardholder data
    4. Encrypt transmission of cardholder data across open, public networks
  • Maintain a Vulnerability Management Program
  • 5. Protect all systems against malware and regularly update antivirus software or programs
    6. Develop and maintain secure systems and applications
  • Implement Strong Access Control Measures
  • 7. Restrict access to cardholder data by business need to know
    8. Identify and authenticate access to system components
    9. Restrict physical access to cardholder data
  • Regularly Monitor and Test Networks
  • 10. Track and monitor all access to network resources and cardholder data
    11. Regularly test security systems and processes
  • Maintain an Information Security Policy
  • 12. Maintain a policy that addresses information security for all personnel

    There are specific security controls behind each of the 12 Requirements which are audited for compliance. Compliance is required in order to continue card transaction as an authorized payment form. While an audit of the PCI-DSS Program typically occurs once annually near the end of the PCI-DSS Calendar year, demonstrated continuous compliance within your PCI-DSS Program is required (v3.1 going forward) throughout the year.

    Digital Assurance Advisors offers full PCI-DSS Program service. Aside from the requirement for Level 1 Merchants to engage an outside audit firm annually, Level 2, 3 or 4 Merchants also value our Process-based Outcome model to ensure compliance and handle these complex issues that may not justify having full-time staff in-house.

    Digital Assurance Advisors also offers incremental PCI-DSS Program service for every need below full service.