PCI DSS

Payment Card Industry Data Security Standard

Overview

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a minimum set of technical and organizational requirements designed to help businesses protect customers’ cardholder data against fraud through robust payment security.

All organisations that accept or process credit card payments are required to undertake an annual PCI DSS audit of security controls and processes, covering areas of data security such as retention, encryption, physical security, authentication and access management.

PCI DSS is enforced by the founding members of the PCI Council: American Express, Discover Financial Services, JCB, MasterCard and Visa Inc. Organizations deemed to fall short of required payment security standards, or those who are not working towards achieving compliance, are liable to receive a fine.

PCI DSS requirements

PCI DSS version 3.2 encompasses six key objectives, split across a set of 12 requirements.

Key PCI DSS requirements:
  1. Build and maintain a secure network
  2. Protect cardholder data
  3. Maintain a vulnerability management programme
  4. Implement strong access control measures
  5. Regularly monitor and test networks
  6. Maintain an information security policy

What cardholder data is protected?

PCI DSS applies to all organisations, such as merchants and service providers, that store, process and transmit cardholder data (CHD) and/or sensitive authentication data (SAD).

Cardholder data includes: Primary Account Number, Cardholder Name, expiration date and service code.

Sensitive authentication data includes full track data (magnetic stripe data or equivalent on a chip), CAV, CVC, CVV and CID numbers, and PINs and PIN blocks.

Our PCI DSS Consulting Services

PCI GAP Assessment

Assess the current state of your PCI Compliance using the PCI gap assessment methodology.

PCI Penetration Testing

Our security analysts will perform the required PCI security testing services mandated by the PCI Standard.

PCI Penetration Testing

Develop Risk Treatment Plans to remediate the gaps and risks identified to acceptable levels.

PCI Remediation Support

Vtangent’s team will help you identify the right solutions that may fast-track your remediation process.

Technology Implementations

Advisory on remediation of technology gaps and implementation of technical controls.

ASV Scans

Vtangent’s team will perform the ASV scans and coordinate with you until passing scans are obtained.

Security Awareness

All your employees receive security awareness training through a cloud portal, helping you improve the human side of security.

PCI DSS Consulting Approach

1. SCOPE DETERMINATION

Our expert implementers start by understanding the business process and the current state of the IT infrastructure. We list the assets or network segments in the current scope.

2. GAP ANALYSIS

We perform a detailed assessment of the shortcomings of the current state of IT assets against the recommended standards of PCI DSS and industry best practices.

3. IMPLEMENTATION

We align current processes with the PCI guidelines, keeping in mind the latest recommendations of PCI DSS. We implement the necessary controls and modify current information flow processes to improve the security posture of the organization.

4. INTERNAL AUDIT

In this stage, we perform a final checklist-oriented audit to verify adherence to the suggested controls and implementation. This helps us rectify process oversights and enforce employee-level controls if needed.

5. CERTIFICATION

The certification process is carried out by independent auditors, not by the implementers. We bring in the auditor for the certification process. Thus, we take care of the end-to-end process, from scope determination to certification, making the whole process easy for the client.

Why Vtangent?

Reasons you can rely on us.

High-quality Service

Outcome Focused

Actionable & Detailed Reports

Product Agnostic

Expertise

Vtangent employs highly-certified and experienced cybersecurity professionals with deep expertise in a broad range of security domains.
