Overview
The Payment Card Industry Data Security Standard (PCI DSS) is a global security program designed to increase industry confidence and reduce risks to PCI members, merchants, service providers, and consumers. It was originally established by Visa and MasterCard in 1999 after numerous data breaches resulted in unwanted media attention. Since then it has been adopted by other payment card providers. It is applicable regardless of transaction volume or method of transaction.
Non-compliance can result in the following consequences: loss of confidential data, severe fines, revenue loss, damaged reputation, loss of trust from the marketplace and financial sector, and litigation if private information is exposed. COE Security can help you comply with PCI DSS. For example, Requirement 6 and its sub-sections call for vulnerabilities to be ranked and prioritized according to risk.
Key Benefits

Many organizations are realizing that a strong security policy can give them a competitive advantage, and that it isn't just an expense. By going beyond the minimum requirements and focusing on a broader security program, they can not only respond to and mitigate potential data breaches and attacks, but also serve customers more efficiently and improve their bottom line.
This maps well to COE Security's philosophy, too. We advocate a "security approach to compliance" instead of a "compliance approach to security," because it's critical to have a strategy that's scalable, sustainable, and backed by a culture that values security throughout the organization. This can help reduce the risk of breach and damage to your brand reputation, and help you manage your costs and resources.
Methodology
PCI Requirements and Our Solutions
| Requirements | Solutions |
|---|---|
| BUILD AND MAINTAIN A SECURE NETWORK | |
| 1. Install and maintain a firewall configuration to protect cardholder data. | Firewall Assessments |
| PROTECT CARDHOLDER DATA | |
| 3. Protect stored cardholder data. | Application Security Assessments; Cyber Data Theft Prevention; Cloud Security Solutions; Network Security Solutions |
| 4. Encrypt transmission of cardholder data across open, public networks. | Application Security Assurance Program; Web Security Architecture Design; Network Security Audits |
| MAINTAIN A VULNERABILITY MANAGEMENT PROGRAM | |
| 5. Use and regularly update anti-virus software or programs. | Antivirus Performance Assessments |
| 6. Develop and maintain secure systems and applications. | Application Security Solutions; Cloud Security Solutions |
| IMPLEMENT STRONG ACCESS CONTROL MEASURES | |
| 7. Restrict access to cardholder data by business need-to-know. | Firewall Assessments; Network Security Audits |
| 8. Assign a unique ID to each person with computer access. | Security Policy and Procedure Development |
| 9. Restrict physical access to cardholder data. | Security Policy and Procedure Development |
| REGULARLY MONITOR AND TEST NETWORKS | |
| 10. Track and monitor all access to network resources and cardholder data. | Security Policy and Procedure Development |
| 11. Regularly test security systems and processes. | Application Security Solutions; Network Security Solutions |
| MAINTAIN AN INFORMATION SECURITY POLICY | |
| 12. Maintain a policy that addresses information security for employees and contractors. | Security Policy and Procedure Development |