Payment Card Industry Data Security
PCI compliance serves a very important purpose: to protect your customers’ credit card data. But simply keeping current on compliance mandates does not mean you’re secure. Protecting your business from a data breach is critical and, in some cases, required by law. Without proper cyber security in place, everything is compromised. Can your company afford a data breach?
Understanding PCI Standards and Requirements
Loss of sensitive data is potentially devastating. Every year, thousands of businesses suffer direct and indirect monetary losses, pay substantial fines and fees, lose their customers’ loyalty and trust, endure reputation damage, fight lawsuits filed against the company and go bankrupt.
MainNerve is here to help. We work with our clients to make sure they understand and respond to these new challenges to protect themselves from the liability that comes with these new security standards. With over 12 years of experience and top industry experts, we will set you on the right path to a culture of compliance that meets all government mandated cyber security requirements.
MainNerve cyber security solutions and services will identify and resolve compliance gaps to enhance the security of your network so you can protect cardholder data. We start with MainNerve’s Regulatory Risk Assessment© and help you establish and maintain standards with our Strategic Security Roadmap©. MainNerve will regularly monitor and test networks and guide you through MainNerve’s Crosswalk to Compliance©.
Do you store, process or transmit credit card data? If you answered yes, then you are required to be compliant with PCI DSS standards. The level of compliance depends on the quantity of credit card transactions and the type(s) of credit cards your organization accepts.
Am I Already PCI Compliant?
Does Your Company…
- Install and maintain a firewall configuration to protect cardholder data?
- Prohibit the use of vendor-supplied defaults for system passwords and other security parameters?
- Protect stored data?
- Encrypt transmission of cardholder data across open, public networks?
- Use and regularly update anti-virus software?
- Develop and maintain secure systems and applications?
- Restrict access to cardholder data by business need-to-know?
- Assign a unique ID to each person with computer access?
- Restrict physical access to cardholder data?
- Track and monitor all access to network resources and cardholder data?
- Regularly test security systems and processes?
- Maintain a policy that addresses information security?
If you answered no to any of these questions, or you are simply not sure, you may not be PCI compliant. Need more information? Simply call 1-877-889-6600 or Contact Us for further info.
Compliance to any regulation is no simple undertaking. Compliance involves not only sophisticated technical solutions, but also administrative security programs and physical safeguards. MainNerve understands that, and has approached security not just from a cyber perspective, but from an information security program perspective. From risk assessments that identify and build strategic security and programmatic roadmaps, to tactical crosswalks that allow your company to measure incremental steps to compliance, MainNerve is your partner that can build a “culture of compliance”.
Vulnerability scanning is an automated process that identifies security weaknesses in the information systems on a network and determines whether any of them could be exploited. While public servers are important for communication and data transfer over the Internet, they may open the door to potential security breaches.
Vulnerability scanning is required by PCI to be performed at least quarterly and after any significant change in the network. This applies to both internal and external networks. With MainNerve’s expert services, you can be assured that you are meeting these requirements.
Penetration testing, also required by PCI, takes vulnerability scanning a little further. A vulnerability scan simply identifies and reports noted vulnerabilities, whereas a penetration test attempts to exploit the vulnerabilities to determine whether unauthorized access or other malicious activity is possible. Penetration testing includes network and application layer testing as well as controls and processes around the networks and applications. To be PCI compliant, penetration testing should occur at least annually and after significant changes to the network. MainNerve’s penetration testing services are trusted by Fortune 100 companies to meet their compliance needs.
PCI Readiness Assessment
Organizations that are new to the payments industry requirements would greatly benefit from a PCI Readiness Assessment. It is a comprehensive series of self-guided questionnaires for preparing your organization for PCI compliance. A MainNerve PCI Readiness Assessment is a must for helping you understand scope and potential deficiencies within your existing security infrastructure, while helping lay the groundwork for successful compliance with the PCI DSS framework. Moreover, the assessments are conducted off-site through a series of self-guided questionnaires, therefore minimizing disruption to your operations. These questionnaires can be easily completed on your own time.
At MainNerve, we offer some of the best PCI consulting services available. As an information security firm with over 13 years of specialized experience helping companies and organizations better understand PCI regulations and requirements… we have the knowledge and expertise to assist your business.
PCI Self Assessment Consulting
Not all organizations are required to perform an annual onsite review by a Qualified Security Assessor (QSA). In some cases, a PCI Self-Assessment Questionnaire (SAQ) will have to be completed. As MainNerve has learned firsthand, completing the questionnaire may be time consuming and complex. It might take significant time in order to establish the necessary policies, procedures and security infrastructure needed to meet the requirements of the SAQ. MainNerve can provide assistance to ensure your organization is fully capable of meeting the requirements of the SAQ and ensuring its satisfactory completion.
Policies & Procedures
MainNerve has experienced, former CISO executives that have “walked a mile in your shoes” and have tremendous experience in putting plans into action, specifically the types of policies and procedures that keep our clients in compliance. To achieve rational outcomes, a company must have guideposts that drive activity within clear left and right boundaries. On an as-needed basis, MainNerve will dedicate staff members that align with your objectives and who can contribute quickly and with precision to your business policies and procedures.
Once done, the customized training curriculum can follow such that the knowledge is transferred to employees and the program can be institutionalized with internal, as well as external stakeholders.
Policies and procedures can fall under several domains, including the clear documentation and knowledge transfer program that:
- Defines Enterprise Security Strategies
- Develops a Security Advisory Committee
- Establishes Policy Development
- Provides an Asset Protection Strategy
- Defines the Incident Response Program
- Provides On-Going Assessments
- Develops a Communications Plan
- Implements Testing & Validation Programs
- Provides Security Awareness Training
PCI Compliance Consulting Services
Here at MainNerve, we offer some of the best PCI consulting services available. As an information security firm with over 13 years of specialized experience helping companies and organizations better understand PCI regulations and requirements… we have the knowledge and expertise to assist your business.
Contact Us