Certification of merchants & service providers to meet PCI Standards
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment. Even if your environment does not need to comply with PCI DSS, it is a great security standard to align your business with. It forms an industry best practice for any organisation that handles sensitive data.
Vectra specialises in all aspects of PCI compliance including assessments, penetration testing and requirement validation for all types of businesses. We launched our payment card related security compliance services in 2004 through programs with Visa and MasterCard. We then became the first Australian company to be certified as a QSA Company (QSAC) by the PCI Security Standards Council when it was formed in 2006. Since that time we’ve assisted thousands of organisations of all sizes in sectors including retail, financial services, insurance, transport, banking, credit unions, building societies, utilities, gaming and third party hosting and service providers.
What is PCI DSS Compliance?
Every organisation that stores, processes or handles payment card data is required to be Payment Card Industry Data Security Standard compliant. This standard was designed to increase cardholder data protection to dramatically reduce credit card fraud.
How does a business become compliant?
Compliance reporting for small merchants can be as simple as completing a Self-Assessment Questionnaire (SAQ), while for larger merchants and third-party service providers annual assessments must be conducted by a QSA Company. If you have internet-facing IP addresses, you must also conduct network vulnerability scanning using an Approved Scanning Vendor (ASV) certified by the PCI Security Standards Council.
How often does compliance need to be validated?
To meet merchant agreements and avoid penalties, acquiring banks will seek PCI DSS compliance reporting on an annual basis and in some cases, on a quarterly basis.
What's the penalty for PCI non-compliance?
Penalties for non-compliant merchants can range from $5,000 to $100,000 per month. Initially the acquiring bank is penalised; however, this penalty is then passed on to the merchant. Depending on the size of the penalty, non-compliance can have a disastrous effect on the merchant and in some cases even put them out of business.
Vectra PCI DSS Compliance and PCI Audit Services:
PCI Gap Assessment
Payment card industry merchants can prepare for PCI DSS compliance by undertaking a PCI gap assessment. This type of assessment helps to identify, analyse and document any areas of non-compliance with the Payment Card Industry Standard so that the merchant can remediate any issues prior to applying for a PCI DSS compliance assessment.
Self-Assessment Questionnaire (SAQ) Completion
Depending on the size of your organisation and the number of transactions you process, you may be able to demonstrate PCI DSS compliance through the completion of a Self-Assessment Questionnaire. Vectra can provide advice and assistance on which SAQ applies to you and ensure that it is completed correctly prior to submission.
Cardholder Data Discovery
As part of your PCI compliance requirements, you need to make sure that cardholder data is stored securely and that access to it is restricted. Vectra can help you locate and secure non-compliant card data in a fraction of the time you would spend manually searching your own systems, remediate any issues and put practices in place to remain compliant.
ASV Scanning Services
ASV (Approved Scanning Vendor) vulnerability scanning is a quarterly requirement for many organisations maintaining PCI DSS compliance. Vectra provides a web-based portal that can be easily configured to automate the scanning process as required by PCI DSS, or to allow scans to be run on an ad-hoc basis when required.
Internal and External Penetration Testing
Penetration testing, both internal and external, may be required to meet your compliance obligations. Vectra’s penetration testing service meets the stringent requirements of the Payment Card Industry Security Standards Council for PCI DSS compliance and can be tailored to meet other regulations such as SOX, GLBA and HIPAA.
Internal and External Vulnerability Assessments
Internal and external vulnerability scans may be required depending on your cardholder data environment. If you have external-facing IP addresses, you are required to run scans each quarter through an Approved Scanning Vendor (ASV) to make sure that you remain compliant. Vectra provides a web-based portal so that both internal and external scans can easily be run on an automated schedule as required by the standard.
- Pre / post Assessment Guidance
- DIY / Internal Assessment Validation
- Third Party Assessment Validation
- Annual PCI DSS Assessments
- Remediation Solutions
- Managed Service (see our GRC Management)
Why choose Vectra Corporation?
Vectra was the first Australian company to be certified as a Qualified Security Assessment Company (QSAC) by the PCI Security Standards Council when it was formed in 2006. Since that time we’ve assisted thousands of organisations of all sizes in sectors including retail, financial services, insurance, transport, banking, credit unions, building societies, utilities, gaming and third party hosting and service providers. We have a number of Qualified Security Assessors both in house and working remotely who can help you to meet all requirements of the standard from start to finish.