What is the Payment Card Industry Data Security Standard (PCI-DSS)?
PCI-DSS is a GLOBAL standard and requires that organizations handling payment card data:
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Develop and maintain an information security policy
Any system that stores, processes or transmits cardholder data, or any system that is connected to such a system, is considered to be "In Scope". The organization must comply with the PCI-DSS for everything that is "In Scope".
PCI Compliance Background Information
- Visa: 269 million, MasterCard: 171 million, American Express: 49 million
- Visa and MasterCard debit cards add another 520 million to these figures
- Very large (thousands of man hours of effort)
- Time consuming (months, or even years, in duration)
- Resource intensive (require headcount and specific skill sets)
- Expensive (average annual audit spend is $225k, 10% spend more than $500k)
- 54% of QSAs say their clients find PCI DSS is too costly
- 52% of QSAs say their clients are not managing their data security
- Restricting access to cardholder data is problematic
Achieving compliance can involve costs ranging from more than $100,000 (Level 3 merchants) to more than $1 million for Level 1 merchants. (Source: Gartner)
PeepSafe is Level 1 PCI DSS compliant and is hosted by Level 1 PCI DSS compliant hosting providers.
Managed controls include:
- Firewalls and Intrusion Detection
- Annual Penetration Testing
- Anti-Virus and Patch Management
- Centralized Logging and Monitoring
- Physical Security
- Quarterly Scans (internal and external)
- SSL Certification
- File Integrity Monitoring
Note: These are ALL controls that you would need to implement in your corporate environment if you did not use PeepSafe.
What are the Benefits of Using ExoIS?
