If your company accepts or processes payment cards, the Payment Card Industry Data Security Standard (PCI-DSS) applies to you. For companies that store, process, transmit or could affect the security of cardholder data, Weaver conducts data security assessments and assists in complying with stringent PCI-DSS standards.
Our Qualified Security Assessors (QSAs) can ensure that your organization meets and adheres to the following PCI-DSS goals and requirements:
- Build and maintain a secure network and systems using firewalls to protect cardholder data, and ensure that vendor-supplied defaults for system passwords and other security parameters are not used.
- Protect cardholder data and encrypt its transmission across open, public networks.
- Maintain a vulnerability management program with secure systems and applications, plus regular updates to anti-virus software and programs.
- Implement strong access control measures by restricting access to cardholder data (both electronic and physical) on a “need to know” basis.
- Regularly monitor and test networks and track all access to cardholder data.
- Maintain an information security policy that addresses information security for all personnel.
Visit the PCI-DSS website for more information on the goals and requirements.
Why comply? And why engage a QSA?
- All merchants that accept credit card payments are required to comply with the DSS, even if they have outsourced payment processing. Engaging a QSA can help ensure your company stays in accordance with the contracted terms of your acquirer.
- Third-party providers of certain services to merchants may need to assess their own compliance with DSS in order to provide those merchants assurance with regard to the outsourced services.
- Compliance with the DSS establishes a solid baseline of security practices for the cardholder data environment (CDE). The DSS aligns well with other security standards (e.g. ISO 27001, NIST SP 800-53) and can readily be extended across the rest of your organization.
Perhaps your sales team has told you that the product or service you are selling now has to be PCI (Payment Card Industry) compliant. Or your credit card processor has informed your organization that you need to be PCI compliant. You’ve heard pursuing PCI compliance is full of headaches. As you flip through the PCI DSS (Data Security Standard), you find that the requirements your company may have to meet seem overwhelming. Does this sound familiar?
If you are asked by your payment card processor to complete an SAQ, you may think, “SA what?” (It’s a “self-assessment questionnaire.”) Even worse, your processor may inform you that, unless you complete an SAQ by year end, you’ll be charged thousands of dollars in penalties for every month you haven’t submitted one. These are all challenging requirements for any organization, from small mom-and-pop shops to the largest enterprises.