PCI DSS implementation
Practical security standard that applies even outside the industry, for which it was created
Payment Card Industry Data Security Standard (PCI DSS) was created in 2004 by the joint efforts of the largest international payment systems: American Express, Visa, MasterCard, JCB и Discover.
The practicality, conciseness, and authoritative support of the standard have led to its popularity. For example, the Chinese international payment system UnionPay, which initially did not comply with PCI DSS, became a strategic member of the PCI consortium to strengthen its own and international security standards. PCI DSS compliance checks are integrated into many end-to-end security systems and are used for self-assessments even outside the payments industry.
The PCI DSS compliance specification describes a set of requirements that companies participating in international payment systems must comply with in order to ensure that the correct measures are taken to protect all data, both internal and external.
H-X will help your organization to develop and implement the necessary security controls and meet the requirements of the standard.
- Definition of the PCI DSS scope
- Providing recommendations for the implementation of information systems in accordance with PCI DSS requirements
- Development of IT and IS process management policies in accordance with PCI DSS
- Implementation of IT and information security processes to comply with PCI DSS requirements
- Risk assessment
- Development of IT and IS process management procedures
- Personnel training in PCI DSS requirements
- Wi-Fi network scan – quarterly
- Network segmentation test – twice a year
- Internal vulnerability scan – quarterly
- ASV scanning of external vulnerabilities – quarterly
- Internal PCI DSS compliance review – quarterly
- External penetration test – once a year
- Internal penetration test – once a year
- Vulnerability assessment and Wi-Fi attack modeling – once a year
Check out our additional services and business cases. Send the form below to request an audit or implementation of PCI DSS, PA DSS, or other PCI SSC standards. Get a free consultation.