This service consists of a review currently present controls in the information system users. Based on results and client category with regard to the requirements of PCI DSS standards, produces a list of activities that a user needs to be done to control the full, and that the system user was in compliance. During the implementation of these controls, working and advising on the manner and extent of implementation of control.
A few words about the PCI DSS standard:
Credit card companies VISA, MasterCard, American Express, Diners Club, Discover Card and JCB launched a project to create an industry standard and established the PCI council, a body that represents the interests of the card industry. It has issued several standards to protect cardholder data, and one of them is the PCI DSS. (Payment Card Industry Data Security Standard).
This standard prescribes the technical and organizational measures that entity must comply with in order to prove that the cardholder data handled in a safe manner.
There are multiple levels of users, starting with the card issuer until retailers. The standard prescribes the scope of measures for each level. Among users with higher requirements include, for example, Banks, and users with slightly lower requirements, for example. Dealers.
Users and providers must certify its information system, which is certified by qualified auditors (QSA) and accredited providers scan (ASV). This is a requirement to perform payment cards and processing card transactions.
Non-compliance with the standard entails financial penalties and the possibility of total exclusion from the system card business.
The basic requirements of the PCI DSS standard include:
- protection of credit card data user and data authentication,
- safety communications and networks,
- testing system vulnerabilities,
- control logical and physical access,
- check how to design and maintain an information system
- systems for monitoring and control of malicious code,
- monitoring and describe events in the system
- internal documents, lines of responsibility, security policy.