PCI DSS Assistance
Do you take credit card payments? This might be via your call centre, website, payment terminals or mobile app. If you store, process or transmit cardholder data, you have a requirement to meet the Payment Card Industry Data Security Standard (PCI DSS).
What is PCI DSS?
The goal of the PCI DSS is to protect cardholder data and sensitive authentication data wherever it is processed, stored or transmitted. The standard is comprehensive and lays down the minimum security controls that must be in place. Even if you are redirecting to a third-party payment provider, such as WindCave, you still have responsibilities with regard to the security of credit card data.
Why does it matter?
Credit card fraud is a growing issue, and it's the responsibility of organisations to ensure they appropriately protect their customers' data. Ensuring you appropriately secure the environment can help you:
- Avoid breaches
- Maintain customer confidence
- Avoid non-compliance fines
How can we help?
PrivSec can help you with:
- Defining your cardholder environment
- Conducting a full range of penetration testing required for your environment, including:
  - Application layer (web app / mobile app / API / thick client) penetration testing conducted on applications within your PCI scope
  - Network layer penetration testing that encompasses all components that support network functions as well as operating systems
  - Network segregation testing
- Conducting a gap analysis of your environment
- Completing your Self Assessment Questionnaire (SAQ)
- Answering ad hoc questions regarding how to best meet the PCI standard
We have Payment Card Industry Professionals (PCIP) on staff who have in-depth knowledge of the PCI DSS standards and are well placed to help you on your compliance journey.