Contact Us Toll Free - 800-721-9177

Retail and E-Commerce IT Security Assessment Services


PCI Compliance Services - Rock Solid Security
Make Redspin your trusted partner in helping you achieve compliance with the Payment Card Industry Data Security Standard (PCI DSS). These standards were adopted by the founding members of the PCI Security Standards Council including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

PCI applies to every company (small, medium or large) that stores, processes or transmits cardholder information. Both e-commerce companies and those using POS devices must be 100% PCI compliant, and many go “the extra mile” to ensure that their data cannot be compromised.

Redspin performs PCI assessments for those institutions that must be PCI compliant and have a genuine concern about the security of their infrastructure. As an independent auditor (we don't sell IT implementation services, hardware or software), our findings are objective and focus on ensuring the most cost-effective path to security.

PCI Specific Services Include:
  • External Network Penetration Testing — Can a hacker access our internal systems/data from the Internet?
  • Internal Network Penetration Testing — Let's say a hacker breaks in from the Internet, or I have a rogue employee: once on the inside, what can they access and what sensitive information can they jeopardize?
  • Application Penetration Testing — Can someone access sensitive systems and data from the Internet by leveraging our website?
  • Wireless Security Assessment — I use wireless: what risk do I have of sensitive data loss or intrusion due to wireless? (or: Do I use wireless but don't know it?)
  • PCI DSS Pre-Audit — I don't understand the PCI DSS and need help understanding how the DSS applies to me, as well as practical guidance on what controls I need in order to be compliant and secure.

Institutions striving for PCI DSS compliance can contract Redspin to help fulfill Requirement 11 of the PCI DSS. With one of our top-notch security assessments, you will not only be compliant but will also identify important security risks.

Objective consulting, overview, and guidance free of charge for 30 minutes from the Security A Team.



PCI Compliance Services

PCI Requirement | Redspin Service
PCI DSS Requirement 11.1: Test for the presence of wireless access points by using a wireless analyzer at least quarterly. | Redspin Wireless Security Assessment
PCI DSS Requirement 11.2a: Run an internal network vulnerability scan at least quarterly and after any significant change in the network. | Redspin provides vulnerability scanning services as well as our more in-depth Internal Network Security Assessment
PCI DSS Requirement 11.2b: Contract an ASV to perform an external network vulnerability scan in accordance with the PCI Security Scanning procedures at least quarterly. | Request Pricing
PCI DSS Requirement 11.3.1: PCI Penetration Test: perform network-layer penetration testing at least once a year and after any significant infrastructure upgrade or modification. | Redspin External Network Security Assessment
PCI DSS Requirement 11.3.2: Perform application-layer penetration testing at least once a year and after any significant application upgrade or modification. | Redspin performs application-layer penetration testing, including our Web Application Security Assessment

Confused about what the PCI requires and how it affects you?
View our PCI Merchant Levels and Validation Requirements



Frequently Asked Questions
If I have an ASV conduct an external network scan and no vulnerabilities are found, does that mean I am compliant with the PCI DSS?
No. Performing a quarterly network PCI scan fulfills only one part of Requirement 11 of the DSS. In order to be PCI DSS compliant, you must fulfill all 12 requirements of the DSS, including the other security assessments found in Requirement 11.

How will my compliance be checked?
While the PCI Security Standards Council develops and maintains the PCI Data Security Standard, it does not attempt to audit or enforce compliance. Each credit card brand sets its own standards for auditing and reporting compliance. For merchants processing Visa, MasterCard, and American Express credit cards, the validation requirements are determined by their merchant level, which in turn is determined by the number of credit card transactions conducted annually. To determine your merchant level, please review the tables on the merchant level reference page for the specific validation requirements of Visa, MasterCard, and American Express.

If my organization is not a level 1 merchant, does that mean the only requirement I have to fulfill is to obtain a quarterly external network scan?
No. Every organization that transmits, stores or processes credit card data must fulfill all of the requirements enumerated by the PCI DSS. While level 1 merchants are currently the only organizations that are required to perform an annual on-site audit to verify PCI DSS compliance, all merchants are expected to implement the PCI DSS requirements in full.

Is Requirement 11.2b the only part of Requirement 11 that must be completed by an ASV?
Yes. The PCI DSS does not stipulate that the other PCI scans and PCI penetration tests in Requirement 11 must be performed by an ASV or QSA. An institution can perform these actions internally or hire an outside consultant to perform them.




Contact Us for a Free 30-Minute Consultation
For more information about a PCI scan, a PCI penetration test, or other services to help you become PCI DSS compliant, please email us at:
info@redspin.com

©2009 Redspin, Inc. | Privacy Policy