Learn About PCI Compliance
The Payment Card Industry (PCI) Council was created by American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc. The Council’s goal is to “develop, enhance, disseminate and assist with the understanding of security standards for payment account security.”
Consequently, the Council instituted the Payment Card Industry Data Security Standard (PCI DSS). Many versions have been published over the years as the Council learns about new threats and technology advances. PCI DSS provides a baseline of technical and operational requirements designed to protect account data.
Some of the requirements for PCI compliance can include:
A Report on Compliance (ROC) submitted by a Qualified Security Assessor (QSA) or signed by an Internal Auditor that is an officer of the company.
Submittal of an Attestation of Compliance (AOC) form.
Quarterly scans by an Approved Scanning Vendor (ASV).
Penetration testing of internal, external, and wireless networks.
What Does This Mean?
It means determining the scope of the PCI audit that applies to your Merchant Level and following through on the requirements. For Level 1 merchants, that means a full ROC, an AOC and quarterly scanning by an ASV. For Levels 2-4, it means a Self-Assessment Questionnaire (SAQ) specifically tailored to the merchant’s method of accepting credit cards (card not present, stand-alone terminals, web-based terminals, etc.), an AOC and quarterly scanning by an ASV.
Scope Definition and Advisor Services
Don’t know what your PCI Merchant Level is, where your cardholder data is stored, or what your compliance requirements are under PCI DSS? MainNerve’s QSA-qualified personnel will sit down with you and ensure that your PCI DSS engagement is appropriately scoped and tailored to your exact needs.
MainNerve has extensive experience helping Level 1 Merchants achieve PCI DSS compliance through rigorous internal and external penetration tests as well as web- and mobile-based application penetration testing. These tests, when performed during a ROC conducted by a QSA, meet or exceed the penetration testing conditions required for PCI compliance. MainNerve’s penetration testers are all veterans with decades of experience and perform penetration tests only to the standards outlined in PCI DSS, NIST SP 800-115, OWASP and OSSTMM. MainNerve has performed these services to support Level 1 PCI requirements for companies as large as $34B as well as for smaller vendors.
MainNerve partners with several highly reputable U.S. companies to bring in affordable QSA support when clients request it. These are highly experienced QSAs with decades of experience in PCI DSS ROC requirements, and they work with MainNerve penetration testers to quickly meet your needs.