Webcomz - Network Security | Computer Security | PCI Compliance | Audits

PCI COMPLIANCE AUDIT SERVICE

Winning The PCI Compliance Battle.

Webcomz has partnered with best-of-breed vendors to offer companies Audit Services for PCI Compliance.

Payment Card Industry - Data Security Standard

Credit cards are widespread and their use for online payments is increasing dramatically. However, this increase has also brought about a growth in credit card fraud. In March 2007, TJX Companies Inc. disclosed that at least 45.6 million credit and debit card numbers were stolen by hackers who broke into its network.

In a bid to tighten up security and prevent breaches similar to the one experienced by TJX, all businesses handling credit/debit card data now need to comply with strict security standards drawn up by the world’s major credit card companies, including VISA and MasterCard.
   
These requirements are known as the Payment Card Industry Data Security Standard (PCI DSS), and to date these govern all the payment channels including retail, mail orders, telephone orders and e-commerce.
 

Are your clients at risk?

The Payment Card Industry Data Security Standard and Webcomz Managed Audit Services offer a complete solution to achieve compliance.

Since companies are constantly at risk of losing sensitive cardholder data, which could result in fines, legal action and bad publicity, achieving compliance with the PCI DSS should be high on the agenda of companies who store, transmit or process credit card data.

Furthermore, PCI DSS compliance needs to be achieved by September 2007, the deadline set by the credit card companies. Organizations that fail to comply face fines of up to $500,000 if the data is lost or stolen and risk not being allowed to handle cardholder data.

 
PCI DSS FRAMEWORK

The PCI DSS framework is divided into 12 security requirements which can be grouped into five main areas:

Build and Maintain a Secure Network
  1: Install and maintain a firewall configuration to protect cardholder data
  2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
  3: Protect stored cardholder data
  4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
  5: Use and regularly update anti-virus software
  6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures
  7: Restrict access to cardholder data by business need-to-know
  8: Assign a unique ID to each person with computer access
  9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks
  10: Track and monitor all access to network resources and cardholder data
  11: Regularly test security systems and processes

Maintain an Information Security Policy
  12: Maintain a policy that addresses information security
 
 
 

As of 30 September 2007 all businesses handling cardholder data – irrespective of size – have to be compliant with strict security standards drawn up by the world’s major credit card companies. This includes:

  • Banks and financial institutions
  • Educational institutions
  • Healthcare
  • Hotels and restaurants
  • Government
  • Insurance companies
  • Manufacturing
  • Retail
  • Post offices
  • Technology companies
  • And many more!

Any merchant or service provider that accepts card payments or processes card data must be compliant with all 12 requirements as stated above. However, the validation requirements demanded of a particular merchant are dependent on its annual transactional volume.
 
| Merchant Levels | Qualification Criteria | Annual On-Site Audit | Annual Self-Assessment Questionnaire | Quarterly External Scans |
|---|---|---|---|---|
| 1 | Merchants with over 6 million credit card transactions a year; merchants whose data has been compromised | X | | X |
| 2 | Merchants with between 150,000 and 6 million credit card transactions a year | | X | X |
| 3 | Merchants with between 20,000 and 150,000 credit card transactions a year | | X | X |
| 4 | Merchants with less than 20,000 credit card transactions a year* | | X | X |
         
* Note: It is mandatory that Level 4 merchants are compliant. Reporting compliance to acquiring banks (validation) is optional but is strongly recommended.

FOR FURTHER INFORMATION:

Call us to arrange a FREE PCI Consultancy Session or teleconference meeting

>>APPLY NOW FOR A FREE PCI COMPLIANCE SCAN
