Layer 7 IT Solutions
PCI DSS Compliance
All companies that process and store customer payment card transactions are required to maintain their network security in accordance with the detailed specifications mandated under the Payment Card Industry Data Security Standard (PCI DSS). Failure to demonstrate compliance can result in severe restrictions being placed on merchants by the card issuers, including the ultimate sanction of withdrawal of card authorisation facilities.
The PCI DSS identifies six key areas and 12 requirements of security best practice needed to ensure compliance with the standard, including the need to Regularly Monitor and Test Networks (Requirements 10 and 11):
- File Integrity and Log Management (PCI DSS Requirements 10 and 11.5)
- Wireless IDS and Access Point Alerting (PCI DSS Requirement 11.1)
- PCI ASV Assessments (PCI DSS Requirement 11.2)
- Internal Vulnerability Assessments (PCI DSS Requirement 11.2)
- Penetration Testing (PCI DSS Requirement 11.3)
- Intrusion Detection (PCI DSS Requirement 11.4)
As a minimum, merchants are required to provide the PCI with a quarterly scanning report which shows that there are no vulnerabilities present in the network.




