
PCI-DSS
Payment Card Companies

WHAT IS THE PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) offers a single approach to safeguarding sensitive payment data across all card brands. The PCI DSS version 1.1, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council (American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International) to facilitate the broad adoption of consistent data security measures on a global basis. The PCI DSS is intended to protect cardholder data wherever it resides and to ensure that members, merchants, and service providers maintain a high standard of information security.

The PCI DSS consists of twelve basic requirements supported by more detailed sub-requirements. These requirements apply to all system components, where a system component is defined as "any network component, server, or application included in, or connected to, the cardholder data environment." Network components include, but are not limited to, firewalls, switches, routers, wireless access points, network appliances, and other security appliances. Servers include, but are not limited to, Web, database, authentication, Domain Name Service (DNS), mail, proxy, and Network Time Protocol (NTP) servers. Applications include all purchased and custom applications, both internal and external (Web-facing). Note that a system connected to the cardholder data environment is in scope even if it never itself stores, processes, or transmits cardholder data; network segmentation is the usual way to reduce the number of components that must meet the requirements.


COVERED ENTITIES

The card brands require, through their respective cardholder data protection programs, that all merchants and service providers that store, process, or transmit cardholder data comply with the PCI DSS requirements. The protection programs apply to all payment channels, including retail (card-present), mail/telephone order, and e-commerce. In addition, all service providers with access to cardholder data (including hosting providers) must adhere to the PCI DSS.


POTENTIAL PENALTIES FOR NON-COMPLIANCE

The penalties for failing to comply with the PCI DSS vary between the card brands' cardholder data protection programs. If a merchant or service provider does not comply with the security requirements or fails to rectify a security issue, Visa, for example, may fine the acquiring member (the merchant's bank), which typically passes the cost on to the merchant, or impose restrictions on the merchant or its agent.


HOW IPS CAN HELP YOUR COMPANY BECOME PCI COMPLIANT

As a Qualified Security Assessor Company (QSAC), IPS has Qualified Security Assessors (QSAs) on staff to provide preliminary gap analysis, remediation, and audit services. Our QSAs can also work in a training and guidance capacity, helping you complete the Self-Assessment Questionnaire (SAQ) and determine your proper Merchant Level (Levels 1 through 4). With our detailed knowledge of PCI scanning appliances and our internal expertise, IPS provides prompt, knowledgeable remediation advice and further assistance in developing secure IT practices to sustain compliance going forward. These services are delivered using the PCI DSS version 1.2 standard and its assessment methodologies, backed by years of staff experience. Our expertise provides a unified, cost-effective answer to your compliance challenges.


In addition to the PCI-DSS, IPS also provides compliance consulting services specialized in the following areas: