The steep rise over the last several years in credit card fraud and in data breaches of online billing systems and websites has demonstrated the need for structured security controls.
In addition, the desire for an independent standardization process not dictated by governments led the credit card companies to unite and establish a standards council, which defined a mandatory standard called the Payment Card Industry Data Security Standard, or PCI-DSS for short. The PCI-DSS requirements classify every company that processes credit cards into one of four levels (1-4), based on the number of transactions the company carries out annually and its level of exposure. The standard is divided into 12 professional security requirements and obliges companies to apply information security measures when processing credit card numbers, both in ongoing operations and when executing transactions and storing data.
Generally speaking, companies that comply with the standard are required to complete a questionnaire (containing over 200 professional security questions), undergo quarterly scans of all external IP addresses, and have an external penetration test performed once a year. IPV Security is in continuous contact with the credit card companies. To find out your organization's rating level, the standard's requirements that apply to it, and the timetable for implementing them, you can contact us by email.
IPV Security has customers that are required to comply with the standard's requirements, and provides them with a broad and diverse set of services aimed at helping them meet all of those requirements while simultaneously raising the organization's information security level, reducing the exposure of its information assets to vulnerabilities from threats of various origins, and optimizing the resources needed to remediate gaps.
The framework of tests, consulting and guidance relating to the information security aspects of the PCI-DSS requirements combines IPV Security's asset-based assessment methodology with the most advanced technologies for testing IT systems and infrastructure. The scanning framework uses testing tools approved and certified by the PCI council.
IPV Security was selected by the Israel Hotel Association as the recommended company for implementing the PCI-DSS standard at hotels in Israel.
For the official standard site, click here.
12 Security Requirements of the PCI-DSS standard
Build and Maintain a Secure Network and Systems
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need to know
Requirement 8: Identify and authenticate access to system components
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security for all personnel