PCI DSS
If your organisation electronically holds, transmits or processes credit card information, regardless of how that information was acquired, then it is required by the Payment Card Industry (PCI) to comply with its Data Security Standard (DSS).
As a leading independent provider of information security consultancy and security testing services, accredited by the Payment Card Industry as a Qualified Security Assessor (QSA) and as a PCI Approved Scanning Vendor (ASV), NCC Group is ideally placed to help you to become compliant and stay compliant.
About the Standard
The standard was implemented in response to increased fraud and identity theft involving stolen credit card data, in order to stem losses by the card providers and improve consumer confidence.
Issued jointly by Visa and Mastercard, the standard is also endorsed by other major card issuers. It not only addresses the most common consumer fears over making credit card transactions online or over the phone but also ensures merchants become more accountable for their own risk.
Where cardholder data is compromised, merchants unable to demonstrate compliance with the standard may now be liable for losses that arise from the security breach. Beyond compliance, real business risks relative to brand, customer loyalty and corporate reputation exist if the payment data is not securely managed.
In addition, merchants who have not complied with the standard face the prospect of substantial fines imposed by the card schemes, or of being permanently barred from the card acceptance programme, should a security breach occur.
PCI Compliance Requirements
The PCI DSS requires merchants to:
▪ Build and Maintain a Secure Network
▪ Protect Cardholder Data
▪ Maintain a Vulnerability Management Program
▪ Implement Strong Access Control Measures
▪ Regularly Monitor and Test Networks
▪ Maintain an Information Security Policy
These 6 security areas are underpinned by 12 Payment Card Industry Data Security Standard (PCI DSS) requirements and over 200 separate checks. They apply to issuers and acquirers, merchants and service providers that store, process or transmit cardholder data.
Merchant Responsibilities
Note that all merchants, regardless of size, are required to be compliant with the standard. The Payment Card Industry has defined merchant levels, based upon how many card transactions a merchant processes, in order to set out how that merchant must prove its compliance.
Our experienced team of QSA-accredited information security testing and consultancy professionals has carried out thousands of consultancy and security testing assignments for clients including Vodafone, NEC Group, Office, Cineworld, Oxfam, Chelsea FC and Legal & General. We care passionately about using this experience to help our clients manage their information security risks effectively. We have therefore developed a "one stop shop" set of services, comprising consultancy, PCI scanning and penetration testing, which we collectively call our PCI DSS Compliance Services. These services are specifically aimed at assisting merchants to quickly achieve, and maintain, compliance.