Payment Card Industry - Data Security Standard (PCI-DSS)
A few ways we help our PCI-DSS Clients ...
If you accept credit cards as a form of payment, PCI-DSS is for you! The trend toward a less cash-dependent economy has drawn more businesses into accepting cards as payment for their goods and services. This is a convenience for customers and clients. It is also an additional compliance requirement for the Merchant accepting this form of payment.
The Payment Card Industry - Security Standards Council (PCI-SSC) is the governing body that oversees the payment card process and the security of card transactions. Generally speaking, there are 12 Requirements which all PCI Merchants must manage effectively within their organization in order to keep offering card transactions as a method of payment.
The current version of PCI-DSS is v3.2.1. All Merchants, whether large (Level 1) or smaller (Levels 2, 3, or 4), must meet the same 12 Requirements, known as the PCI Data Security Standard.
What is Required of you to maintain Compliance ...
2. Do not use vendor-supplied defaults for system passwords and other security parameters
4. Encrypt transmission of cardholder data across open, public networks
6. Develop and maintain secure systems and applications
8. Identify and authenticate access to system components
9. Restrict physical access to cardholder data
11. Regularly test security systems and processes
There are specific security controls behind each of the 12 Requirements, and these controls are audited for compliance. Compliance is required in order to continue accepting card transactions as an authorized form of payment. While an audit of the PCI-DSS Program typically occurs once annually near the end of the PCI-DSS Calendar year, demonstrated continuous compliance within your PCI-DSS Program is required (v3.1 going forward) throughout the year.
Digital Assurance Advisors offers full PCI-DSS Program service. Aside from the requirement for Level 1 Merchants to engage an outside audit firm annually, Level 2, 3 or 4 Merchants also value our Process-based Outcome model to ensure compliance and to handle complex issues that may not justify having full-time staff in-house.
Digital Assurance Advisors also offers incremental PCI-DSS Program service for every need below full service.