PCI Compliance

Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of technical and operational requirements (6 goals, 12 requirements and over 240 sub-requirements) for maintaining payment security. It is developed and managed by the PCI Security Standards Council (PCI SSC) and endorsed by its founding members, American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa International, to facilitate industry-wide adoption of consistent data security measures on a global basis.

Payment security is the protection of cardholder data (CHD), centred on the Primary Account Number (PAN), and of sensitive authentication data (SAD) wherever it is processed, stored and/or transmitted.

To whom does it apply?

It applies to all entities in the electronic payment ecosystem that store, process and/or transmit cardholder data, or that can affect the security of the cardholder data environment (CDE) and the systems within it.

If you accept, store, transmit and/or process payment cards, PCI DSS applies to you. This includes both merchants and the service providers that support them, such as data centre, cloud, call centre and storage services.

How can we help?

PCI Compliance is not a single event, but an ongoing process.

We are here to support and guide you in making PCI compliance an integral function of your business, and in achieving and maintaining PCI DSS compliance. Our team of consultants is available, so give us a call and see how we can help.

We are one of the few Australian companies approved by the PCI Security Standards Council as both a Qualified Security Assessor (QSA) and a Payment Application Qualified Security Assessor (PA-QSA) company, providing services in the Australia, CEMEA (Central Europe, Middle East and Africa) and LAC (Latin America and the Caribbean) regions.

Benefits to your business

  Trustworthiness: Gaining customers' trust is key to success; PCI compliance gives customers confidence that their card data is protected.
  Security: PCI compliance raises the overall security posture of the organisation's infrastructure and environment.
  Continuous Improvement: Ongoing PCI compliance demonstrates a commitment to evolving the security measures the organisation needs in order to prevent breaches.

PCI-DSS Goals

The following six goals and twelve requirements cover the technical and operational system components included in or connected to the cardholder data environment.

Goal 1: Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

Goal 2: Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks

Goal 3: Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications

Goal 4: Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data

Goal 5: Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes

Goal 6: Maintain an Information Security Policy
12. Maintain a policy that addresses information security for employees and contractors

Payment Application Data Security Standard (PA DSS)

PA-DSS is a standard (14 requirements and over 240 sub-requirements) aimed at helping software vendors and others develop secure payment applications that support their customers' compliance with the PCI DSS.

The founding members of the PCI SSC endorse the standard, promote the use of validated payment applications, and develop and enforce compliance programs.

To whom does it apply?

PA-DSS applies to third-party payment applications that store, process and/or transmit cardholder data as part of the authorisation and/or settlement process. To achieve PA-DSS validation, software developers and providers must have their application assessed by a Payment Application Qualified Security Assessor (PA-QSA) and revalidated whenever major changes are made.

  1. Do not retain full track data, card validation code or value (CAV2, CID, CVC2, CVV2) or PIN block data
  2. Protect stored cardholder data
  3. Provide secure authentication features
  4. Log Payment Application Activity
  5. Develop Secure Payment Applications
  6. Protect wireless transmissions
  7. Test Payment Applications to address vulnerabilities and maintain payment application updates
  8. Facilitate secure network implementation
  9. Cardholder data must never be stored on a server connected to the Internet
  10. Facilitate secure remote access to payment application
  11. Encrypt sensitive traffic over public networks
  12. Secure all non-console administrative access
  13. Maintain a PA-DSS Implementation Guide for customers, resellers, and integrators
  14. Assign PA-DSS responsibilities for personnel, and maintain training programs for personnel, customers, resellers, and integrators
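As an added example (not code from the page's authors or from the PCI SSC), the Python below shows what PCI DSS Requirement 3 (protect stored cardholder data; its masking control, Req. 3.3, permits displaying at most the first six and last four digits of a PAN) and PA-DSS Requirement 1 (never retain full track data, card validation codes or PIN blocks) look like when checked against an application's own logs, which are a common place for both to leak. It scans log lines for full PANs, using a Luhn check so that order and reference numbers are not flagged, for ISO 7813 Track 1 data and for logged CVV values, and it redacts any full PAN to its masked form. The sample log lines, the regular expressions and the function names are constructed for this example; 4111 1111 1111 1111 is a widely published test PAN, not a real account.

```python
import re

# Constructed sample log lines (not from any real system). 4111111111111111 is
# a published test PAN; the track data and reference number are made up.
SAMPLE_LOG = """\
2024-05-01 10:00:01 INFO  auth ok order=1001 pan=411111******1111
2024-05-01 10:00:02 DEBUG raw request: pan=4111111111111111 cvv=123 exp=12/26
2024-05-01 10:00:03 INFO  order=1002 ref=9876543210123456
2024-05-01 10:00:04 DEBUG swipe data %B4111111111111111^DOE/JOHN^2612101?
"""

# 13-19 digits, optionally separated by single spaces or hyphens, and not part
# of a longer digit run. Deliberately loose: the Luhn check removes false hits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# ISO 7813 Track 1: start sentinel and format code, PAN, separator, name,
# separator, expiry (YYMM). Its presence in a log is a PA-DSS Req. 1 violation.
TRACK1_RE = re.compile(r"%B\d{13,19}\^[^^]{2,26}\^\d{4}")
# Card verification values written as key=value or key: value.
CVV_RE = re.compile(r"\b(cvv2?|cvc2?|cid|cav2)\s*[=:]\s*\d{3,4}\b", re.IGNORECASE)


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check that every payment card PAN satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form permitted by PCI DSS Req. 3.3: at most the first six and
    the last four digits visible, everything in between masked."""
    if not 13 <= len(pan) <= 19:
        raise ValueError("not a PAN length")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_pans(line: str) -> list:
    """Return the Luhn-valid candidate PANs in a line, separators stripped."""
    hits = []
    for m in PAN_RE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def scan_log(text: str) -> list:
    """Report (line number, finding type, detail) for each prohibited item.
    PANs are reported already masked so the report itself is not CHD."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for pan in find_pans(line):
            findings.append((lineno, "PAN", mask_pan(pan)))
        if TRACK1_RE.search(line):
            findings.append((lineno, "TRACK1", "full track data present"))
        for m in CVV_RE.finditer(line):
            findings.append((lineno, "CVV", m.group(1).upper()))
    return findings


def redact(text: str) -> str:
    """Rewrite text with every Luhn-valid PAN replaced by its masked form,
    leaving non-PAN digit runs (order numbers, references) untouched."""
    def _mask(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        return mask_pan(digits) if luhn_ok(digits) else m.group(0)
    return PAN_RE.sub(_mask, text)


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
    print(redact(SAMPLE_LOG))
```

On the constructed input, line 1 (already masked) and line 3 (a 16-digit reference that fails Luhn) produce no findings; line 2 is flagged for a full PAN and a logged CVV, and line 4 for a full PAN and Track 1 data. Note that the redaction only addresses the PAN: track data and CVV must not be written in the first place, so the scanner reports them rather than trying to clean them up.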

How can we help?

Our qualified assessors, PCI QSA and PA-QSA, can assist with every aspect of an effective security assessment of your payment applications.

Give us a call to discuss how we can assist you.

Security Awareness Training

Mandated by PCI DSS Requirement 12 and an essential part of maintaining a secure environment, security awareness training gives staff an understanding of the attack strategies used to gain access to systems and sensitive information.
We can assist you in developing and implementing best-practice behaviour for protecting cardholder data. Technology can only go so far; people and their behaviour are essential to PCI security.

Other PCI Services

We offer the following services that can assist you with your compliance requirements.

  • ASV External Vulnerability scanning services
  • Internal Vulnerability scans
  • External/Internal Infrastructure and Web Application Penetration Tests
  • PCI DSS Gap Assessments
  • PCI DSS Remediation Guidance
  • PCI DSS Certification
  • PCI PA-DSS Assessments and Certification
  • Assist with Policy and Procedures