What is PCI-DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a security standard required of all companies and organizations that gather, store, process or transmit customers' payment card data in connection with purchases of products and services.
The standard is multifaceted: it groups its controls under 12 high-level requirements for protecting cardholder data:
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software or programs
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need to know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for all personnel
Companies must adhere to this standard to prevent unauthorized use of payment data, negligent storage practices, and compromise of the systems that handle payment account data. Companies that do not meet the PCI DSS requirements can incur fines and increased transaction costs from their acquirer, in addition to the reputational and financial damage of a breach of payment card data.
How we can help
Our team of Qualified Security Assessors (QSAs), certified by the PCI Security Standards Council, will determine whether your cardholder data storage and security management systems meet the PCI DSS requirements. We evaluate your organizational policies, system management, software design and network architecture to confirm that effective security measures are in place to protect cardholder data. We will also determine which validation path applies to you: whether your company qualifies to self-assess using one of the Self-Assessment Questionnaires (SAQs), or whether you need a full assessment, and whether quarterly external vulnerability scans are required for your environment.
PCI data security standard assessment services
Assesses an organization’s security against PCI DSS controls and suggests gap remediation strategies.
PCI data security standard remediation services
Provides feedback on remediation actions targeted to close identified compliance gaps.
PCI report on compliance (ROC)
Provides an independent validation of PCI DSS compliance and a ROC that can be submitted to an acquirer or to one of the card brands (Visa, Mastercard, American Express, Discover, JCB).
PCI self-assessment questionnaire (SAQ)
Provides assistance in selecting and completing the correct SAQ for your environment, with a range of reporting options.
PCI-compliant external network security scanning
Fulfills the PCI DSS external vulnerability scanning requirement. These scans must be performed by a PCI SSC Approved Scanning Vendor (ASV) at least quarterly and after any significant change to the in-scope network.
PCI-compliant penetration testing
Determines whether exploitable vulnerabilities in Internet-facing applications and systems could jeopardize the security of cardholder data, and satisfies the PCI DSS requirement for regular penetration testing.
Why is AWA your right choice?
- As one of a limited number of QSA firms, we offer extensive experience across the full PCI compliance regime.
- AWA delivers PCI services efficiently, minimizing disruption, miscommunication, and the risk of schedule delays and budget overruns.
- As a leader in security compliance, AWA leverages your existing audits (e.g. SOC 1, SOC 2, SOC 3, HITRUST CSF, NIST) to avoid duplicated effort and reduce cost.
- Customers receive a tailored compliance solution built on a comprehensive portfolio of compliance services.
- AWA provides not only security experts but also CPAs and business risk experts, so that our services support your broader corporate security and risk management goals and optimize the return on your compliance investment.
Start the PCI-DSS process by contacting trusted QSAs and requesting a quote from AWA today.