PCI Data Security Standard Requirements
The PCI Data Security Standard (PCI DSS) provides an actionable framework for building a robust payment card data security program, covering prevention, detection and appropriate response to security incidents. Olsen Consultants has experts who will take you through the process of becoming PCI DSS compliant and ensure that your company can safely and securely accept credit cards.
PCI DSS version 2.0 is the global data security standard that any business, of any size, must adhere to in order to accept payment cards and to store, process and/or transmit cardholder data. It sets out common-sense requirements that mirror established security best practices.
Step 1 – Assess
The primary goal of assessment is to identify all technology and process vulnerabilities that put cardholder data at risk wherever your business transmits, processes or stores it. Olsen Consultants analyzes the IT infrastructure and business processes that touch the payment environment and maps how cardholder data flows from the beginning to the end of a transaction, including the PCs and laptops that access critical systems, the storage of paper receipts, and so on. This mapping defines the scope of your cardholder data environment (CDE), which is what the remaining requirements apply to. We also check the make, model and version of your personal identification number (PIN) entry devices and payment software applications to confirm they appear on the PCI Security Standards Council's lists of validated PIN entry devices (PCI PTS) and validated payment applications (PA-DSS, for third-party applications).
Note: responsibility for PCI compliance also extends to the third parties that handle cardholder data on your behalf (hosting providers, payment gateways, processors), so you must confirm that each of them is compliant and that your written agreements with them make those obligations explicit. A comprehensive assessment is a vital part of understanding which elements may be vulnerable to exploitation and where to direct remediation.
Self-Assessment Questionnaire (SAQ). The SAQ is a validation tool for merchants and service providers who are not required to undergo an on-site assessment for PCI DSS compliance. Several SAQ types (A through D) are specified, selected by how the business handles cardholder data: for example, whether all card processing is outsourced, whether only standalone terminals are used, or whether cardholder data is stored electronically. We will determine which SAQ is correct for your business.
Step 2 – Remediate
Remediation is the process of fixing the vulnerabilities found during assessment, including technical flaws in software code and unsafe practices in how an organization processes or stores cardholder data. Steps include:
- Scanning your network with vulnerability scanning tools that analyze the infrastructure and spot known vulnerabilities. PCI DSS requires internal and external scans at least quarterly and after any significant change; the external scans must be performed by a PCI SSC Approved Scanning Vendor (ASV).
- Reviewing and remediating the vulnerabilities found in the on-site assessment (if applicable) or through the Self-Assessment Questionnaire process.
- Classifying and ranking the vulnerabilities to prioritize the order of remediation, from most serious to least serious.
- Applying patches, fixes, workarounds and changes to unsafe processes and workflows.
- Re-scanning to verify that remediation actually took effect. An external ASV scan only passes when no vulnerability with a CVSS base score of 4.0 or higher remains on your Internet-facing systems, so expect to repeat the fix-and-rescan cycle until a clean scan is achieved.
Step 3 – Report
Regular reports are required for PCI compliance; these are submitted to the acquiring bank and to the payment brands you do business with. Olsen Consultants will ensure that you have ongoing processes that meet these requirements. Most merchants and service providers must submit a quarterly external vulnerability scan report from an Approved Scanning Vendor (ASV); Olsen Consultants can manage this scanning process for you. Businesses with large transaction volumes must undergo an annual on-site assessment and submit the resulting Report on Compliance (ROC). Businesses with smaller transaction volumes typically submit the completed Self-Assessment Questionnaire together with its Attestation of Compliance (AOC) annually. Your acquirer determines your merchant level, and therefore which form of validation is required. For more details, call us today.