
Payment Card Industry Security

BUSINESS CHALLENGE
Highly publicized compromises of credit card information over the last several years have raised public awareness of, and concern about, the theft of credit card account information. Because a number of breaches involved millions of accounts, the cost to businesses and consumers can be substantial.

The payment card industry (PCI), which includes Visa, MasterCard, American Express, and others, has responded with substantial requirements for protecting cardholder information. Businesses must demonstrate compliance with these requirements or risk losing their ability to process credit cards.

The PCI requirements affect many merchants and service providers, and include:

Annual Security Audits: The largest merchants and service providers are required to have an annual, on-site audit by a qualified data security company (QDSC).

PCI Security Assessments: Other levels of merchants and service providers must conduct an assessment using the PCI requirements.

Quarterly System Perimeter Scans: Large to mid-sized merchants and service providers are required to have quarterly system perimeter scans. Smaller firms are required to do this annually, and both must use an approved vulnerability scanning solution to identify potential weaknesses.

The PCI requirements are stringent and can overburden internal staff, especially when preparing for certification. Covestic's qualified data security professionals will provide the expertise to enhance your business security and design a program to help you achieve PCI certification.

Covestic provides complete PCI security services, including:

  • Baseline Compliance Assessment
  • Control Gap Analysis
  • Planning and Roadmap Development
  • Control Design, Implementation, and Remediation
  • Validation
  • Certification

COVESTIC'S SOLUTION
Covestic is a Visa qualified data security company (QDSC) that provides a structured approach to helping our clients meet initial and ongoing PCI requirements. Our approach establishes a program that addresses the key elements of the PCI requirements for both technology and process controls.

Covestic has comprehensive offerings that range from initial gap assessment and control design to remediation and certification. We work with our clients to ensure that they can maintain the effectiveness of their protection measures to minimize the possibility of compromise.

Covestic can provide services to clients at almost any stage of their compliance program development process, whether starting with an initial assessment, developing remediation plans and compliance roadmaps, validating the results of control implementation, or providing independent certification.

Covestic's PCI security services are designed to address six primary areas:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

COVESTIC ADVANTAGE
Founded on the principle that seasoned experts representing a combination of consulting and practical application experience are a critical component of technology-based initiatives, Covestic employs more than eighty industry-recognized consultants who have fostered the growth of information technology and related disciplines. Covestic team members are drawn from a variety of well-respected professional services firms and technology-oriented industry players to compose integrated, cross-disciplined teams. With expert professionals in all aspects of I.T. security consulting and business risk management, Covestic teams have successfully designed and implemented security solutions for local, state, and federal government agencies, and for Fortune 500 firms.


Covestic Helps Telecommunications Company Successfully Address Control Gaps
A major US wireless carrier knew that meeting SOX requirements was going to be challenging. The company had some key legacy systems and operations that had limited controls and reporting capabilities…

Large Internet Content Provider Leverages Covestic's Expertise to Achieve SOX Regulatory Compliance
An Internet content company lacks formal structure around its business operations as a result of rapid growth and the need for constant innovation. The company has millions of subscribers…

Glossary of Common Business Regulations and Industry Standards

©2012 Covestic Inc. All Rights Reserved.