What is the PCI DSS?

The Payment Card Industry Data Security Standard is a set of comprehensive security requirements, issued by the PCI Security Standards Council, for companies that process, transmit or store payment card information.  This comprehensive standard is intended to help organizations for proactively protect customer account data and reflects most of the usual best practices for securing sensitive information.  It includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. Merchants and services providers transacting, storing, or handling payment card account information must adhere to the 12 security principles defined in the PCI DSS.

Why comply with PCI DSS?

An organization may want to comply with the Payment Card Industry Data Security Standard (PCI DSS) for various reasons. Often, the requirement will be driven from an external source; transaction volume or because of a security incident. Progressive organization will comply simply because it makes good business sense. Few organizations want to be associated with major frauds.   Complying with PCI DSS allows an organization to reduce considerably its exposure to risks.

What requirements are imposed by the PCI DSS?

According to payment brand rules, all merchants and service providers are required to comply with the PCI DSS in its entirety. However, each payment brand also has separate and distinct compliance programs that serve as further incentives for adoption. Depending on the quantity of transactions, the company's business model as well as other additional criteria, payment brands have established specific requirements and compliance validations for merchants and service providers. These validation requirements vary from self assessments questionnaires (SAQ) to annual on-site assessments that can only be performed by a Qualified Security Assessor (QSA).

What are the implications of non compliance?

Failure to prove compliance can carry severe penalties, including fines, increased transaction fees or losing the right to access a payment card network's resources at any level. The credit card issuers are taking these requirements very seriously. For example, in 2006, Visa levied $4.6 million in fines versus $3.4 million in 2005. This card issuer announced that merchants found to be storing sensitive credit card data will be subjected to fines up to $10,000 per month. American Express , on its side, is fining merchants up to $15,000 per day for failures to comply and forcing them to bring in a third party contractor to bring systems into compliance.

How can Above Security help you with your PCI DSS compliance efforts?

As Qualified Security Assessor with vast experience in Information Risk Management, Above Security is able to provide you with a comprehensive set of professional services designed to help your company to achieve PCI DSS compliance:

PCI DSS Gap analysis.

Consulting services for secure network architecture design.

Annual onsite PCI DSS assessments.
Support in completing the PCI DSS Self-Assessment Questionnaire.

In short, with the support Above Security PCI QSA's, you can obtain the Peace of Mind that you need to concentrate on your business!

Click here for all your compliance pci requirements.