The Payment Card Industry Data Security Standard (PCI DSS) Program is a required set of security standards that were created by the PCI Security Standards Council to offer merchants and service providers a complete, unified way of safeguarding credit card account data.

The PCI Data Security Standard requirements apply to all entities that store, process, and/or transmit cardholder data.

The requirements apply to all methods of credit card processing, from manual to computerized; the most comprehensive and demanding of them apply to e-commerce websites and to retail POS systems that process credit cards over the Internet.

ISGRM Group, with its foundation of providing comprehensive information security validation and regulated security program compliance services to our credit union clients, recently introduced PCI-DSS compliance services, both in addition to our standard offerings and as a stand-alone service. The PCI requirements continue to gain the attention of many organizations, yet confusion abounds about what to do, or even whether they have to do anything about PCI.

Our approach is in line with the 12-step PCI compliance measures in order to:

  • Build and Maintain a Secure Network

    1-By constructing and maintaining a comprehensive firewall to protect cardholder information

    2-By eliminating lax third-party vendor security criteria, including passwords

  • Protect Cardholder Data

    3-By maintaining stored customer information privately

    4-By encrypting transmission of cardholder data across open, public networks

  • Maintain a Vulnerability Management Program

    5-By implementing anti-virus software controls

    6-By developing secure systems and applications

  • Implement Strong Access Control Measures

    7-By restricting access to cardholder information to a “need-to-know” basis via the eCommerce solution

    8-By designating a unique online ID for each person accessing the site from a computer

    9-By restricting access to physical payment card data

  • Regularly Monitor and Test Networks

    10-By constantly tracking and investigating cardholder data and network resource access

    11-By testing security protocols and protection processes

  • Maintain an Information Security Policy

    12-By maintaining an industry-standard awareness level commensurate with eCommerce security procedures

Benefits of PCI

• Reduce risk of breach and associated costs
• Fines
• Replacement cards
• Cost of fraud
• Reduce risk of reputational loss
• Loss of ability to process
• Loss of ability to accept payment cards
• Improve negotiation position with processors

ISGRM Group offers the following PCI compliance Services:

• PCI DSS Gap Analysis / Readiness Assessment
• PCI DSS Remediation Support
• PCI DSS Assessment
• PCI Training
• QSA Consulting Services
• Network Testing
  • External Vulnerability Scan
  • Penetration Testing
  • Internal Vulnerability Scans

For further information on our PCI Compliance Management Program, please contact one of our Sales representatives by calling (727) 537-9273 or by email.