
Payment Card Industry Services
All organisations that accept or store information from credit or debit cards provided by members of the PCI Security Standards Council (SSC) must comply with the Payment Card Industry (PCI) Data Security Standard (DSS).
The DSS requires merchants and member service providers (MSPs) who store, process or transmit cardholder data to:
- Build and maintain a secure IT network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Additionally, the standard mandates differing levels of required compliance based on a merchant's activity. However, merchants at all levels must conduct a quarterly scan by an Approved Scanning Vendor (ASV).
The scan entails independent testing of all of the merchant's Internet-facing infrastructure to ensure that it is not susceptible to any major security vulnerabilities within the network design, system builds, firewall rulebases or network applications.
Digital Assurance are a PCI ASV (certificate number 4260-01-01) with the primary aim of ensuring that our clients comply with PCI regulatory requirements as quickly and smoothly as possible. Not only do we identify and report on any serious flaws within our clients' architecture, we also work with them to ensure that the flaws can be remediated as quickly as possible prior to a re-test.
To learn more about Digital Assurance's PCI ASV service, or to commission a test, email contact@digitalassurance.com.