Payment Card Industry Data Security Standard (PCI DSS), also referred to as PCI, is a common security standard established by the major credit card companies:
- American Express
- Discover Financial Services
- JCB International and
The standard specifies compliance requirements in the following categories:
- Build and Maintain a Secure Network and Systems
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
Card companies may impose fines for breaches in cases of non-compliance with the PCI standards.
Who does it apply to?
PCI compliance applies to all organizations that handle credit card information by storing, processing, or transmitting cardholder data.
Subject organizations are categorized into levels, each with a corresponding set of controls, generally:
- Level 4 – Less than 20,000 annual transactions
- Level 3 – Between 20,000 and 1 million transactions
- Level 2 – Between 1 and 6 million transactions
- Level 1 – Over 6 million transactions annually
Although compliance is not required by any U.S. federal law, some state laws refer to PCI compliance or equivalent requirements.
How can GoldSky support you with your PCI compliance needs?
- GoldSky can determine the correct level and requirements for your organization and business goals.
- GoldSky can assess the current security controls and compare them to the compliance requirements. For identified gaps and deficiencies, GoldSky can recommend and implement remediation.
- GoldSky can conduct the internal and self-assessment procedures required by PCI compliance.
- GoldSky can help you continuously monitor and test the controls in place, and change and update them as needed.
“We could not be more pleased with our partnership with GoldSky Security. The experience and professionalism from your team have exceeded our expectations from day one. Your team was on-site within a week of our initial call. We appreciate the responsiveness and expertise you provided in performing our NIST 800-171 Gap Assessment and now CSOaaS program. Having an On-Demand CSO partner to assist us in building a sound cybersecurity program while maintaining NIST 800-171 compliance has proven to be both efficient and cost-effective. Thanks!”