
PCI-DSS Compliance Services

DC Metro PCI-DSS Compliance Services

If you are collecting credit card data from your customers, it is your responsibility to protect that data; your customers are trusting that you do. If you are found to be out of compliance, you assume the risk and consequences of not being in compliance.

PCI compliance is a serious security measure needed to ensure your customer credit card data is safe and secure. We have over 20 years of experience protecting customer data, from small online stores to enterprise-level agencies such as the DC Metro Rail. Let our consultants find a solution to secure your customer data and ensure you're in compliance while storing their precious credit card data.

PCI-DSS Security Standards

The Payment Card Industry Data Security Standard (PCI-DSS) is a security framework established by the major card brands such as Visa, American Express, Mastercard, and Discover. Their intent was to create a standard set of security controls to help reduce fraud by organizations that handled, transmitted or stored credit card data on the internet. In 2004 the first PCI-DSS standard, version 1.0, was released; it was the first set of controls that organizations processing credit cards on the internet were mandated to comply with.

PCI-DSS Requirements

The PCI-DSS has a major release every 3 years, with sub-releases as necessary. The latest version, v3.2, was released April 2016. The PCI-DSS standard is broken down into 12 major sections:

  • Build and Maintain a Secure Network
    1. Install and maintain a firewall configuration to protect cardholder data
    2. Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect Cardholder Data
    1. Protect stored cardholder data with encryption.
    2. Encrypt transmission of cardholder data across open, public networks
  • Maintain a Vulnerability Management Program
    1. Use and regularly update anti-virus software or programs.
    2. Develop and maintain secure systems and applications.
  • Implement Strong Access Control Measures
    1. Restrict access to cardholder data by business need to know.
    2. Assign a unique ID to each person with computer access.
    3. Restrict physical access to cardholder data.
  • Regularly Monitor and Test Networks
    1. Track and monitor all access to network resources and cardholder data.
    2. Regularly test security systems and processes.
  • Maintain an Information Security Policy
    1. Maintain a policy that addresses information security for all personnel.

"Being able to break security doesn't make you a hacker anymore than being able to hotwire cars makes you an automotive engineer."

- Eric Raymond

Contact Us
  • (703)-879-3180
  • Mon - Fri 9am - 5pm
  • Arlington, VA
Copyright © 2019 CMB Networks. All Rights are Reserved.