PCI Compliance

The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.

The PCI Security Standards Council's mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc.

• Build and Maintain a Secure Network
  Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
  Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
• Protect Cardholder Data
  Requirement 3: Protect stored cardholder data
  Requirement 4: Encrypt transmission of cardholder data across open, public networks
• Maintain a Vulnerability Management Program
  Requirement 5: Use and regularly update anti-virus software
  Requirement 6: Develop and maintain secure systems and applications
• Implement Strong Access Control Measures
  Requirement 7: Restrict access to cardholder data by business need-to-know
  Requirement 8: Assign a unique ID to each person with computer access
  Requirement 9: Restrict physical access to cardholder data
• Regularly Monitor and Test Networks
  Requirement 10: Track and monitor all access to network resources and cardholder data
  Requirement 11: Regularly test security systems and processes
• Maintain an Information Security Policy
  Requirement 12: Maintain a policy that addresses information security

Any company that accepts, processes, or stores credit card information needs to comply with the standards set by the Payment Card Industry.

If you store, process, or transmit credit card transactions, you must be able to demonstrate that you are PCI DSS compliant. Organizations that must comply include- merchants, merchant acquirers, payment processors, payment gateways and hosting service solution providers.

If you fail to comply, you could be barred from processing credit card transactions, or may be forced to pay higher processing fees, and in the event of a serious security breach, fines of up to $500,000 and criminal charges.

Compliance with PCI DSS may require changes to procedures around handling credit card information and other sensitive data, as well as implementing other security procedures.

Tarang can help your business get certified for PCI Compliance through consulting provided by our in-house audit and security PCI compliance experts. Our experts will guide your way through a step-by-step approach towards making your business fully compliant to PCI security standards. We will assist you in underlining your business security requirements, manage certification through self-assessment audit or by coordinating the engagement of an independent, Qualified Security Assessor.

PCI Compliance Assessment - Tarang will undertake to assess the functional roles in your company's internal departments and subsequently arrange for cross-functional meetings and multiple planning sessions comprised of functional stakeholders both internal and external. Thus, we will scope the project domain to determine the systems, technology, and processes that pertain to processing, storage, and transmission of sensitive financial cardholder data & information.

The roadmap to PCI compliance will consist of milestones such as:

• Providing advice and consultation
• Mapping PCI Security criteria with project scope and Audit procedures
• Report on systems, technologies and processes in scope for assessment