PCI DSS implementation

Practical security standard that applies even outside the industry for which it was created

Payment Card Industry Data Security Standard (PCI DSS) was created in 2004 by the joint efforts of the largest international payment systems: American Express, Visa, MasterCard, JCB and Discover.

The standard has become popular due to its practicality, conciseness, and official status. For example, the Chinese international payment system UnionPay, which initially did not comply with PCI DSS, became a strategic member of the PCI consortium to strengthen its own and international security standards. PCI DSS compliance checks are integrated into many end-to-end security systems and are used for self-assessments even outside the payment card industry.

PCI DSS

The PCI DSS specification describes the set of requirements that companies participating in international payment systems must meet, so that appropriate measures are in place to protect all data they handle, both internal and external.

H-X will help your organization to develop and implement the necessary security controls and meet the requirements of the standard.
Implementation plan:

1. Scope and documentation development
  • Definition of the PCI DSS scope
  • Recommendations for implementing information systems in accordance with PCI DSS requirements
  • Development of IT and IS process management policies in accordance with PCI DSS
2. Implementation of information security processes
  • Implementation of IT and information security processes to comply with PCI DSS requirements
  • Risk assessment
  • Development of IT and IS process management procedures
  • Personnel training in PCI DSS requirements
3. PCI DSS periodic technical actions
  • Wi-Fi network scan – quarterly
  • Network segmentation test – twice a year
  • Internal vulnerability scan – quarterly
  • ASV scanning of external vulnerabilities – quarterly
  • Internal PCI DSS compliance review – quarterly
4. Security assessment (penetration test) of information systems within PCI DSS scope
  • External penetration test – annually
  • Internal penetration test – annually
  • Vulnerability assessment and Wi-Fi attack modeling – annually
More about penetration tests.

Check out our additional services and business cases. Send the form below to request an audit or implementation of PCI DSS, PA DSS, or other PCI SSC standards. Get a free consultation.

Business cases of projects we completed

Information security incident response and investigation
Managed security and compliance (ISO 27001, etc.)
Security analysis of software source code
Security assessment: audits and penetration tests
Security Operations Center cases