PCI DSS, the Payment Card Industry Data Security Standard, was established to keep online card payment processing secure by mandating controls around the storage and transmission of cardholder data, thereby reducing data theft.
The standard sets out 12 high-level requirements that an organization must meet in order to remain PCI compliant.
Benefits of PCI DSS Compliance
Builds trust and boosts your customers' confidence in your security
Prevents data breaches
Avoids penalties and fines imposed by banks or card companies
WannaCry ransomware attack (2017)
Affected more than 200,000 computers across 150 countries, with damages estimated at up to billions of dollars.
Boston Children's Hospital DDoS attack (2016)
The DDoS attack took the hospital's donations page offline and cost an estimated 300,000 dollars in repairs.
Risk of "medjacking"
Researchers discovered a security flaw in General Electric respirators and anaesthesia machines.
PCI DSS Principles
PCI DSS is the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data. The 12 requirements set forth by the PCI SSC are both operational and technical, and the core focus of these rules is to protect cardholder data at all times.
Each requirement falls under one of the following principles:
Maintain a firewall to protect cardholder data
Protect and encrypt cardholder data transmissions
Maintain secure systems by managing vulnerabilities
Restrict access to cardholder data on a need-to-know basis
Regularly monitor networks and track access to resources, and maintain a policy that addresses information security
WSA adopts a phased approach to implementing PCI DSS compliance.
Phase 1: Information Gathering and Gap Assessment
Kick-off meeting
Understanding the business flow
Identify and define the PCI DSS scope for compliance
Gap assessment: review the compliance requirements against the defined scope
Phase 2: Security Assessment
Vulnerability assessment and penetration testing of the in-scope infrastructure and applications
LAN Segmentation Testing
Firewall Ruleset Review
Phase 3: Remediation
Consulting on how to mitigate the identified gaps
PCI DSS Awareness training
Review Policies and Procedures
Modify or Create Policies and Procedures
Support for closure of the Gaps
Phase 4: Certification
Prepare staff and service providers for final PCI DSS assessment
Take a peek at a sample report
Our deliverables are comprehensive, addressing both technical and business audiences.