PCI compliance

Payment Card Industry Data Security Standard (PCI DSS) is a set of universal security standards for all organisations handling cardholder data.

Compliance consultancy

We offer expert advice on regulatory compliance via our sister company, Cognosec. Cognosec is a Qualified Security Assessor (QSA), meaning it is certified by the PCI Security Standards Council to assess your compliance levels and provide services including:

    • PCI vulnerability scan
    • PCI gap assessment
    • PCI on-site assessment
    • PCI remediation
    • PCI security awareness program

PCI DSS requirements

There are twelve specific requirements and procedures for attaining PCI DSS compliance, grouped under six goals:

Build and Maintain a Secure Network
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
  5. Use and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications
Implement Strong Access Control Measures
  7. Restrict access to cardholder data by business need to know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
Maintain an Information Security Policy
  12. Maintain a policy that addresses information security for all personnel

Our additional services

As your business grows, your ecommerce offering should too. Secure Trading Financial Services offers a range of additional solutions to help your business.