PCI DSS Implementation

The Payment Card Industry Data Security Standard (PCI DSS) provides a security framework for developing a strong security process for credit card transactions. Any retailer/merchant or service merchant provider that accepts, transmits or stores cardholder data must be PCI compliant. We help our clients set up infrastructure and application controls as per PCI DSS security standards and work closely with QSA auditors to close out the gap assessment. We assist our clients with quarterly scans, vulnerability remediation, SIEM solutions, daily log reports, etc.

We have a dedicated team to work on PCI DSS implementation and certification. The team works closely with QSA auditors to fix the gaps and vulnerabilities.

Stay compliant, without manual effort

The 12 PCI compliance requirements are summarized below:

1. Maintain a firewall: Protects cardholder data inside the corporate network

2. Passwords need to be unique: Change passwords periodically, do not use defaults

3. Protect stored data: Implement physical and virtual measures to avoid data breaches

4. Encrypt transmission of cardholder data across public networks: Data must be encrypted, and you should never store card validation data

5. Antivirus: Use and regularly update antivirus on all systems holding sensitive data

6. Develop and maintain secure systems and applications: Actively search for vulnerabilities and remediate them

7. Restrict access to cardholder data: Sensitive data should be accessible on a need-to-know basis to reduce vulnerability

8. Restrict access to system components: Systems holding sensitive data should be accessible only with authentication and clear user identification

9. Restrict physical access to cardholder data: Ensure that unauthorized personnel cannot physically access equipment in the cardholder environment

10. Track and monitor access to network resources and cardholder data: To provide an audit trail and assist with breach investigations

11. Regularly test security systems and processes: Identify weaknesses and remediate them

12. Maintain a policy that addresses information security for all personnel: A clearly defined security policy stating the responsibilities of all personnel related to the payment cardholder environment

We have had the privilege of collaborating with the following Qualified Security Assessor (QSA) companies:

We have successfully completed PCI DSS projects for the following esteemed clients

Set up infrastructure as per the PCI DSS standard

Server, network and application setup and hardening

Implementing and managing SOC and log solutions

24×7 event management and report generation

Daily log review and incident management

Firewall review and report submission

Work with QSA companies for PCI DSS certification, closure of the gap assessment, scans, etc.

Maintain PCI DSS compliance throughout the year and prepare for the next year's audit renewal

Vulnerability assessment and penetration testing

Record incidents and correlate them with the events

Set up MFA on admin consoles

Remediation of vulnerabilities reported in ASV scans

Prepare policies and procedures as per PCI norms
