The tremendous increase that occurred in the last several years at credit cards frauds and data breaches to online billing systems and websites, demonstrated the need of a structured security controls.
In addition, the desire to have independent standardization process not dictated by the government, led the credit card companies to unite and establish standards council that determined a mandatory standard called the Payment Card Industry Data Security Standard or PCI-DSS briefly. The PCI-DSS standard requirements rate all the companies that process credit cards into four levels (1-4), based on the number of annual transactions carried out by the company and its exposure level. The Standard is divided into 12 professional security requirements and enforce the companies to take information security measures while processing credit card numbers, at the ongoing process stage, and when executing transactions and saving data as well.
IPV Security has customers required to comply the standard' requirements, to which the company provides broad and diverse set of services that aims to help them meet all standard' requirements, and simultaneously increase the organizational information security level, reduce information assets exposure level to vulnerabilities from various threats origins, and all of that while optimizing the resources needed to gaps remediation.
The tests framework, consulting and guidance relating to the Information Security issues of the PCI-DSS standard requirements combines the assets based assessment methodology of IPV Security with the most advanced technologies of IT systems and infrastructure testing. The scans framework includes using testing tools approved and certified by the PCI council.
IPV Security was selected by Israel Hotel Association as the recommended company for implementation of the PCI-DSS standard at hotels in Israel.
For the official standard site, click here
12 Security Requirements of the PCI-DSS standard
Build and Maintain a Secure Network and Systems
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need to know
Requirement 8: Identify and authenticate access to system components
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security for all personnel