

LEARN MORE ABOUT OUR PCI DSS SERVICES!

The Standard
The Payment Card Industry Data Security Standard [PCI DSS] is a set of comprehensive requirements for enhancing payment account data security. The PCI DSS was jointly developed by Visa International, MasterCard, American Express, JCB and Discover several years ago. In 2006 the PCI Security Standards Council [PCI SSC] was founded by these card organisations to help facilitate the broad adoption of consistent data security measures on a global basis.

The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

The PCI DSS is a group of principles and accompanying requirements, organized into six main sections that together contain more than 300 individual requirements. The six main sections are:

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy

PCI DSS applies to every bank, processor, payment service provider or merchant that stores, processes, or transmits cardholder or transaction data, whether on its own or on behalf of one of the other entities.

Services
With its Security Services for PCI, Acertigo provides a comprehensive set of services to assist banks, processors, payment service providers and merchants in achieving compliance with the PCI DSS requirements. The proven Acertigo methodology and the delivery of services are divided into stages. During these stages, Acertigo provides the customer with mandatory and optional services so that the customer can achieve compliance in an efficient and timely manner. These stages are:

  • Education and Assessment Preparation
    To help customers understand the focus of PCI DSS and define the scope of relevant areas, Acertigo provides detailed information and training in this stage to improve the level of attention and understanding of the management and involved staff members.
  • Compliance Advisory and Support
    During this stage, weaknesses and deviations from the requirements of the PCI DSS are identified. For customers who have not undergone a PCI validation in the past, Acertigo recommends this phase or parts of this phase to highlight areas of non-compliance and prioritize the respective remediation activities.
  • Vulnerability Scanning Services
    The PCI DSS requires that vulnerability scans are performed on a regular basis. The scan detects vulnerabilities on the external-facing IP addresses of the customer's network infrastructure to help identify gaps and improve external security.
  • Assessment Services
    An onsite review according to the PCI Security Audit Procedures is conducted by Acertigo auditors together with the responsible staff of the customer. This review addresses processes and procedures, physical and logical security, documentation, and security management.