NetSentries works with customers to perform a gap analysis and to report the controls that need remediation to achieve PCI and PA compliance. The assessment includes a review of the cardholder production network (including vulnerability and penetration testing) and of the supporting technical documentation. The assessment process may also include interviews with company personnel to determine which PCI and PA requirements are already in place and where remediation is required.
The first phase of the project will involve reviewing and validating the current cardholder network environment, policies and procedures against the PCI Data Security Standard (DSS). The methodology for validation will include:
- Review of current cardholder environment technology and security features
- Mapping touch points to the corporate network
- Examining access points and network components for security shortcomings from a PCI perspective
- Verification that current documented controls meet the specific PCI DSS requirements
- Scans and penetration tests to validate that the client has attained an appropriate level of security
We keep track of all remediation efforts and provide the client with a monthly status report on the remediation steps. During this time, the client is expected to implement the PCI controls and to work continuously with our experts on all remediation measures.
NetSentries will, as required for the project, deploy a PCI audit team of qualified personnel to carry out an on-site security assessment. After the results have passed our internal quality procedures, the client is issued a Report on Compliance (ROC) and the appropriate certification is submitted to the various credit card brands. Certification requirements depend on the service provider's level.
PCI Readiness Assessment
NetSentries helps you determine the appropriate scope of PCI compliance for your organization, makes recommendations on how to control and reduce that scope, and reports on your current compliance status. We also help you design a PCI recommendation road-map tailored to your organization, supporting you at every step of the journey to PCI compliance.
Our PCI DSS consultants work closely with the client's staff to identify and implement the appropriate security controls that will help them reach that goal. We help our clients achieve PCI compliance in alignment with their organization's mission and provide operational assistance in maintaining that compliance over time.
During the on-site assessment our consultants help you assemble the required evidence, audit the security controls and prepare the other compliance reports needed to register and demonstrate PCI compliance.
We provide ongoing maintenance and support to ensure that the client receives all the guidance, advice and proactive support required to track, monitor and maintain the data security that PCI DSS compliance demands.
The PCI DSS standard has 12 compliance requirements, which are organized into six logically related control objectives:
1. Build and Maintain a Secure Network
2. Protect Cardholder Data
3. Maintain a Vulnerability Management Program
4. Implement Strong Access Control Measures
5. Regularly Monitor and Test Networks
6. Maintain an Information Security Policy
Advantages of PCI DSS certification:
- Guidance to organizations for protecting customer data
- Assurance to your customers on secure storage, transmission and use of their personal information and data
- Heavy fines for non-compliance and lack of due care can be avoided
- Improves security posture
- Helps prioritize and manage infrastructure budgeting
PCI Compliance for Merchants
| PCI Level | Card transactions processed annually |
|---|---|
| Level 1 | More than 6,000,000 transactions per annum |
| Level 2 | More than 1,000,000 transactions but less than 6,000,000 transactions per annum |
| Level 3 | More than 20,000 e-commerce transactions but less than 1,000,000 total transactions per annum |
| Level 4 | All other merchants |
PCI Consulting Services
- PCI-DSS Program Management
An end-to-end PCI compliance program that provides a customized review of your policies, procedures and audit trails.
- QSA Audit Preparation
A comprehensive pre-audit of your IT infrastructure, processes and applications as a first step towards PCI DSS compliance.
- Gap Analysis Consultation and Remediation
Provides a customized remediation plan that outlines the deficiencies and delivers recommendations in a complete, documented report.
- Annual planned PCI Audit
Plan and execute the annual PCI compliance audits through Qualified Security Assessors (QSAs) with a proven track record of delivering large multi-site assignments for major brands. We deliver on time and on budget.
- Vulnerability Assessment
Vulnerability assessment and compliance go hand in hand. It is considered a due diligence step in maintaining a good security posture for the company.
The Payment Application Data Security Standard (PA-DSS) is a program managed by the PCI SSC for payment applications. It applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where those payment applications are sold, distributed, or licensed to third parties. It helps software vendors and others develop secure payment applications. NetSentries security experts help organizations develop commercial payment applications through the entire PA-DSS cycle. Our consulting team, comprising subject matter experts, has the knowledge and skills to provide consultancy and implementation services for a standalone implementation of the standard, or for an Integrated Standards Management System if your organization has multiple standards in place and needs an integrated approach to the exercise.
The objective of PA-DSS is to help develop secure payment applications that do not store the sensitive authentication data contained on the card.