PCI Compliance

WHAT DOES PCI COMPLIANCE MEAN?

In security terms, it means that your business adheres to the PCI DSS requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. In operational terms, it means that you are playing your role to make sure your customers’ payment card data is being kept safe throughout every transaction, and that they – and you – can have confidence that they’re protected against the pain and cost of data breaches.

As a member of the PCI Security Standards Council, PowerTech Group of Chicago specializes in providing secured network solutions to a variety of retail customers, supporting merchant efforts toward obtaining PCI DSS validation and compliance.

From the world’s largest corporations to small Internet stores, compliance with the PCI Data Security Standard (PCI DSS) is vital for all merchants who accept credit cards, online or offline, because nothing is more important than keeping your customers’ payment card data secure.

The size of your business will determine the specific compliance requirements that must be met. PowerTech Group understands that achieving PCI DSS compliance is more than installing a PA-DSS secured system.

 

PAYMENT CARD INDUSTRY (PCI) DATA SECURITY STANDARD

REQUIREMENTS AND SECURITY ASSESSMENT PROCEDURES | PCI DSS VERSION 4.0

 

Build and Maintain a Secure Network

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

 

Protect Cardholder Data

  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks

 

Maintain a Vulnerability Management Program

  5. Use and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications

 

Implement Strong Access Control Measures

  7. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data

 

Regularly Monitor and Test Networks

  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

 

Maintain an Information Security Policy

  12. Maintain a policy that addresses information security for employees and contractors

 

 

How to become compliant?


PCI compliant companies will have all of these benefits:

NETWORK SECURITY

  • Active Firewall – To monitor incoming and outgoing network traffic based on security rules.
  • Prevention Management – Regularly using anti-virus software to maintain secure systems.
  • Router Port Limitation – Router configuration appropriate for PCI compliance.
  • CHD Transmission – Encryption of cardholder data for added security.
  • Secured Wireless – A safe wireless network is a must for any company, even when not strictly following the PCI guidelines.
  • Network Segmentation – Having POS, Data, and Voice all on separate VLANs.
  • Private/Public Network – Separate networks for the POS and for customers/employees.
  • Content Filtering – Incoming content that has been deemed explicit or harmful is blocked from entering the network.

 

POLICIES / PROCEDURES

  • Network Diagram – Customer will have full knowledge of how everything is connected and mapped out.
  • Limited Access – Access to cardholder data only on a need-to-know basis, as well as monitoring of the access that is allowed.
  • Firewall Configuration – Will be done for the customer to meet all PCI requirements.
  • User Tutoring and Support – The customer will always have full knowledge of what is going on behind the scenes of their company.
  • Incident Management
  • Remote Access Procedures

DATA ACCESS

  • Remote Monitoring
  • Local Monitoring
  • Local Access
  • Remote Connection Validation
  • Managing User Authentication

Areas we service: Wheeling, Buffalo Grove, Arlington Heights, Northbrook, Prospect Heights, Des Plaines, Schaumburg, Chicago, Lincolnshire, Glenview, Niles, Lake Bluff, Glencoe, Winnetka, Wilmette, Evanston, Barrington, Palatine