| What You Need to Do | How Redspin Can Help |
|---|---|
| **PCI DSS Version 2.0 — Annual IT Audit.** Every organization that processes, stores, or transmits cardholder information must validate compliance with the standard annually, either by completing a Self-Assessment Questionnaire (SAQ) or by passing an audit by a Qualified Security Assessor (QSA). To assist the organization with the SAQ, or to prepare it to pass the next QSA audit, a PCI DSS Gap Analysis is recommended: it tests the controls already implemented and identifies the specific PCI DSS requirements missing from the environment. | PCI DSS Gap Analysis |
| **PCI DSS Requirement 6.6 — Web Application Testing.** For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by either of the following methods: | Web Application Security Assessment |
| **PCI DSS Requirement 11.3 — Penetration Testing.** Perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade or modification (such as an operating system upgrade, a subnetwork added to the environment, or a web server added to the environment). Infrastructure and/or application penetration testing may be necessary depending on your cardholder environment. | External Network Security Assessment |
Consumers are not the only ones at risk. Merchants, financial institutions and service providers bear great responsibility in safeguarding personal data. They themselves can be subject to significant losses due to unpaid bills, regulatory fines, and brand damage. Increased losses associated with fraud can erode trust in the Internet marketplace and impact a company's bottom line.
In response to these real concerns, the industry adopted the Payment Card Industry's Data Security Standard (PCI DSS). Developed by the founding payment brands of the PCI Security Standards Council, PCI DSS helps facilitate the broad adoption of consistent data security measures on a global basis. Specifically, PCI DSS is a set of comprehensive requirements for enhancing payment account data security.
The formidable influence exerted by global payment brands such as American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. has made compliance with PCI DSS a virtual mandate. In addition, these payment companies enforce the rules and can assess penalties.
Today, every entity in every channel (including financial institutions, merchants, and service providers) that stores, processes, or transmits payment card data — including catalog and online retailers as well as brick-and-mortar businesses — must be in compliance with the PCI Data Security Standard (PCI DSS). It is vital to their success.
Redspin helps some of the world's largest corporations, major retail outlets and eCommerce companies achieve and maintain compliance with PCI DSS. While the size of the company determines the level of requirements that must be met, we treat PCI compliance as a starting point, a baseline minimum requirement. Then we go the extra mile to ensure that our clients' data cannot be compromised. We don't stop at a checklist — we dig deeper into the security of our clients' overall IT infrastructure. At Redspin, our business is helping business.