PCI DSS compliance
VISA, MasterCard, American Express, Diners, Discover Card and JCB have jointly created an industry data security standard to protect their users. The Payment Card Industry Data Security Standard (PCI DSS) obliges all participants in the payment card business (merchants, banks and service providers) to protect cardholder data.
All banks and service providers must be validated by Qualified Security Assessors (QSA) and Approved Scanning Vendors (ASV) in order to retain the right to process card payments.
The global payment schemes have delegated to banks and service providers the responsibility for ensuring their own compliance with PCI DSS. The names of compliant providers are listed on the official VISA and PCI Council web sites to show their clients that their systems are secure. Non-compliance with the standard entails financial penalties and the possibility of complete exclusion from the payment card business.
Basic PCI DSS requirements include:
- network security,
- protection of cardholder data,
- vulnerability management,
- access control,
- network testing and monitoring,
- maintenance of an information security policy.
The scope of the service encompasses:
- project management,
- consulting on achieving alignment with PCI DSS requirements,
- services of Trustwave, the world's leading QSA (Qualified Security Assessor) and ASV (Approved Scanning Vendor),
- compliance level assessment (gap analysis),
- establishing organizational controls (policies, rulebooks etc.) to achieve compliance with the standard,
- assistance with completing the Self-Assessment Questionnaire (SAQ) for merchants.