Are you PCI compliant?
PCI compliance is an ongoing process that can prove overwhelming for many businesses. The Payment Card Industry Data Security Standard (PCI DSS) is a fact of life for any organization that transmits, processes, or stores payment card data.
According to PCI ComplianceGuide.org:
All merchants will fall into one of the four merchant levels based on Visa transaction volume over a 12-month period. Transaction volume is based on the aggregate number of Visa transactions (inclusive of credit, debit and prepaid) from a merchant Doing Business As (‘DBA’). In cases where a merchant corporation has more than one DBA, Visa acquirers must consider the aggregate volume of transactions stored, processed or transmitted by the corporate entity to determine the validation level. If data is not aggregated, such that the corporate entity does not store, process or transmit cardholder data on behalf of multiple DBAs, acquirers will continue to consider the DBA’s individual transaction volume to determine the validation level.
PCI Compliance Services
CKSS has partnered with Certify Audit Services to assess the following structures and processes of your infrastructure:
- Perimeter Firewall
- Vulnerability Management: Perimeter and internal scans of assets
- Secure configuration of servers, workstations, laptops, mobile devices, firewalls, routers and switches
- Protection of data at rest and in transmission
- Operational security: antivirus software, data loss prevention, event log management, patch management
- Governance: policies and procedures to cover operational security processes
- Access Control Management
- Physical Access
- Tracking and monitoring user access to prevent data breaches
- Testing of designated security systems