PCI Security Standards Council QSA
Working Together With
Working With Barclaycard
‘Winner of the 2010 European Card Acquiring Forum (ECAF) Data Security Award for our PCI DSS Merchant Compliance Programme’
PCI DSS PARTICIPATING ORGANIZATION

What is the Payment Card Industry DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements developed to reduce credit card fraud and increase data security. This industry standard affects every company that deals with (stores, processes or transmits) card payment transactions. The PCI DSS requires companies to:

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Programme
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy

Who does PCI DSS affect?

Anyone who stores, processes or transmits cardholder data, including Merchants and Service Providers.

Objective, Vendor-neutral PCI consultancy

As we have engaged in PCI compliance projects over the years, it has become very apparent how some providers of PCI consultancy and audit use the PCI Security Standard to leverage third party product sales.

7Safe’s PCI DSS team have strategically set out to remain vendor neutral. Our team therefore only provides or recommends what is absolutely necessary to your core PCI compliance programme, including:

Consultancy

the provision of PCI QSA consultancy for scope, gap, remediation support and audit

Cardholder Data Search

it is crucial that any organisation searches for the presence of unprotected cardholder data. Our team uses its in-house built tool “7Seec” to search for PANs. This is a commercially available tool, but will only be offered as a potential discovery solution to help you find unencrypted PANs and to maintain compliance.

PCI Penetration Testing

importantly, 7Safe’s pen testing team are PCI trained and as a result they use their knowledge of PCI DSS to provide clear, concise input into PCI compliance programmes. Moreover, our QSA team trust the output of such work and know that a full and thorough PCI penetration test has been undertaken.

PCI ASV Scanning Service

despite being experts in vulnerability assessment and having the co-founder of Nessus working within the business, 7Safe has chosen to partner with industry-leading ASV solutions provider Qualys to ensure that we can offer our clients access to the best ASV in the marketplace to satisfy the requirements of the standard.

PCI vs Pragmatic Business

7Safe is a PCI DSS QSA (Qualified Security Assessor) and undertakes PCI compliance audits in addition to assisting organisations to become and remain compliant with the standard. We have learned over the years, however, that a consulting team’s wider skill set is also important for setting the standard in the context of the wider organisation, and we work closely with our clients to ensure that we take a pragmatic view of how organisational change needs to be undertaken. There is a significant danger that a lack of consultancy experience in the field of PCI can result in ineffective spend and unnecessary risk being introduced from a wider perspective.

Our QSA team therefore draws upon other departments within 7Safe, such as the PCI QFI team (who handle breaches of Payment Card data) and our Penetration Testing / Web Application Security department, for advice and guidance where complex situations may arise. This team approach, coupled with strong project management experience, adds tremendous value to each project and client alike.

PCI DSS – Staying Current

Critical to the success of any PCI compliance business is knowing the industry and staying close to changes. 7Safe is proud to work very closely with the PCI Security Standards Council, the Card Schemes and the UK Acquiring Banks through both our QSA work, partnerships and QFI (breach of credit card data) activity. We regularly attend PCI council community meetings and have regular updates / knowledge share with the Card Schemes and Acquirers.

Core Payment Card Industry DSS Principles and Requirements

Build and Maintain a Secure Network

Protect Cardholder Data

Maintain a Vulnerability Management Program

Implement Strong Access Control Measures

Regularly Monitor and Test Networks

Maintain an Information Security Policy

ISO 27001 & 9001
7Safe London
27 Austin Friars
London
EC2N 2QP

Tel: +44 (0)870 600 1667
Fax: +44 (0)870 600 1668
7Safe Cambridge
South Cambridge Business Park
Sawston, Cambridge CB22 3JH
United Kingdom

Tel: +44 (0)870 600 1667
Fax: +44 (0)870 600 1668