what is PCI DSS?
PCI DSS is the Payment Card Industry Data Security Standard that was set to maintain a secure way to process credit card payments online by mandating security around storage and transmission of cardholder’s data and reducing data thefts.
The PCI standard has 12 high-level requirements which the organization has to follow in order to stay PCI compliant.
Benefits of PCI DSS Compliance
Build trust and boost the confidence of your customers
Boosting customer’s trust in your security
Prevents data breaches
Avoiding penalties/fines imposed by banks or card companies
Recent hacks
PCI DSS Principles
PCI DSS is the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data. The 12 requirements set forth by the PCI SSC are both operational and technical, and the core focus of these rules is to protect cardholder data at all times.
All requirements pertain to a principle, and these principles are:
Maintain firewall to protect consumer data
Secure network
Protect and encrypt cardholder data transmissions
Data protection
Maintain secure systems by targeting vulnerabilities.
Risk management
Restrict access to cardholder data by a need-to-know basis.
Access control
Regularly monitor networks and track access to resources, maintain a policy that addresses security.
Maintenence
Do you know?
Want a quick PCI DSS assessment?
WSA Approach
WSA adopts a phased approach to implement the PCI DSS compliance.
Phase 1: Information Gathering and Gap Assessment
- Kick off meeting
- Scoping-
- Understanding the business flow
- Identify and define the PCI DSS scope for compliance
- Gap Assessment- Review the compliance requirements versus the scope
Phase 2: Security Assessment Phase
- Risk assessment
- Vulnerability Assessment and Penetration Testing of the infrastructure and applications in scope
- LAN Segmentation Testing
- Firewall Ruleset Review
Phase 3: Remediation Phase
- Consulting on How to mitigate the Gaps
- PCI DSS Awareness training
- Review Policies and Procedures
- Modify or Create Policies and Procedures
- Support for closure of the Gaps
Phase 4: Certification Phase
- Prepare staff and service providers for final PCI DSS assessment
- QSA Assessment
