Warning: include(header1.php) [function.include]: failed to open stream: No such file or directory in /home/content/58/5010058/html/pcidss.php on line 37

Warning: include() [function.include]: Failed opening 'header1.php' for inclusion (include_path='.:/usr/local/php5_3/lib/php') in /home/content/58/5010058/html/pcidss.php on line 37

PCI DSS Services

Overview

Credit cards are widespread and their use for online payments is increasing dramatically. However this increase has also brought about a growth in credit card fraud. In March 2007, TJX Companies Inc. disclosed that at least 45.6 million credit and debit card numbers were stolen by hackers who broke into its network. Another case involved Card Systems Solutions in a theft of 40 million card holder data.

On August 18, in 2009 as reported by US News Today, Three men have been charged with stealing the numbers of more than 134 million credit and debit cards in what the US Justice Department said was the largest case of identity theft in US history.
Alberto Gonzalez, 28, from Miami, and two unnamed computer hackers, based in or near Russia, allegedly targeted 7-Eleven and other large corporations by uploading millions of customers’ details from internal computer systems onto servers that worked as hacking platforms.
pci dss requirements, pci dss 2, pci standards council, pci dss compliance, pci questions/ faq, pci auditor certification, pci security audit
pci qsa certification, pci roc, pci saq, visa pci standards, visa pci compliance dates, visa cisp compliance, 
mastercard pci deadlines

They allegedly breached the firewall of Heartland Payment Systems, a New Jersey-based bank card payment processor, stealing 130 million numbers. They allegedly stole 4.2 million card details from Hannaford Brothers, a Maine-based supermarket chain. An undisclosed number of card details were hacked from 7-Eleven, the Texas-based convenience store chain with outlets around the world,.

There could be many more such instances, which are not reported for the risk of brand image and reputation loss. Since companies are constantly at risk of losing sensitive cardholder data, which could result in fines, legal action and bad publicity, achieving compliance with the PCI DSS is now on a high on the agenda of companies who store, transmit or process credit card data. Furthermore, PCI DSS compliance needs to be achieved. Organizations that fail to comply face severe fines if the data is lost or stolen and risk not being allowed to handle cardholder data.


The Payment Card Industry Data Security Standard (PCI DSS)

The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.

pci roc, pci saq, visa pci standardsThe PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

Any entity that stores, process and/ or transmits cardholders' data, it is mandatory to comply with PCI DSS. Entities include but not limited to:
» Merchants
» Acquirers
» Service Providers
» Trusted Third Parties

This applies to all payment channels including physical card presence, mail or telephone order, and e-commerce.

PCI DSS Requirements

The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized:

Goals PCI DSS Requirements
Build and Maintain a Secure Network 1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program 5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
Implement Strong Access Control Measures 7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks 10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an Information Security Policy 12. Maintain a policy that addresses information security

ECOM’s PCI DSS Compliance Program

PCI DSS Compliance Services are among the core competencies of ECOM . ECOM is the approved Qualified Security Assessor (QSA) for India by PCI DSS Council. Our PCI compliance services include:
» Pre Audit checks and Technical Auditing
» GAP Analysis
» Compliance Audits / ROC & SAQ Completion
» Consultation on payment process and architectural design.
» Education & Assessment Preparation
» Compliance Advisory & Support
» Onsite QSA Audits
» Remediation and Managed Services (Consulting as well as SAAS)
pci questions/ faq, pci auditor certification, pci security audit, pci qsa certification

Advantage ECOM

  • Proven track record in Information Security Domain with offices in Mumbai India and IL, USA. Our Consultants are SME’s (Subject Matter Experts) with multiple certifications such as CISA, CISM, CGEIT, CISSP, CEH, PCI QSA, ISO 27001/20000 LA, ITIL PMP etc. ECOM has been in existence since 1983 and is listed on BSE (Mumbai Stock Exchange) since 1996.
  • Structured approach for timely compliance ECOM uses Project Management Methodology for enabling our clients to get PCI DSS Compliance as quickly, systematically and painlessly as possible, thus reducing your costs.
  • Remediation and Managed Services ECOM is also a business partner of many technology solutions companies such as IBM and is updated in the automated compliance market space. ECOM provides remediation solutions for Log Management, SIEM, Enterprise Security Management, IT GRC Tools (with PCI DSS Controls out of the box), Single Sign On, Identity and Access Management etc. ECOM offers SAAS for Log /SIEM and for IT GRC.
  • Expertise ECOM has worked on core IT Controls for many compliance requirements and framework implementations/ best practices such as ISO27001/2, ISO 20000, COBIT, SOX, HIPAA, GLBA, PCI DSS etc in most verticals.

For more details please contact us

pci dss requirements, pci dss 2, pci standards council, pci dss complianceDownload this content and PCI DSS FAQ’s in PDF

Copyrights © 2009-10. All Rights Reserved. Ecom Infotech
Email Us:
info@ecominfotech.biz Telephone: +91-98694-36685 (India)