"The local presence and expertise of the PCI auditor were essential in completing this extensive process successfully." Sami Toivonen, Marketing Director of Screenway Ltd

Payment Card Industry Data Security Standard Compliance

Visa, MasterCard and other major credit card companies expect all companies that process payment transactions to be compliant with the Payment Card Industry (PCI) Data Security Standard (DSS).

The information security audit is conducted at vendors who receive more than 20,000 online payments annually, and at other companies that gather payment and transaction-related information from other companies. Adherence to the PCI DSS standard will be supervised via independent audits conducted by qualified vendors.

PCI Levels and validation actions

PCI DSS validation controls are related to the number of credit card transactions processed, handled or stored annually. Thus, the customer is offered only the modules needed for the customer's PCI DSS compliance, and the customer can select the services needed.

1 Quarterly and after any significant upgrade or change in the network, servers or application.
2 Does not need to be performed by certified assessor.
3 Or compromised in the last year

Nixu PCI Audits and services

Onsite Audit

Our SecOnSite PCI is a standardized, Visa-approved method for performing annual PCI DSS onsite audits, whose objective is to ensure your compliance with PCI DSS standard requirements:

The project outcome will be a formal Report On Compliance (ROC) and a project summary, which provides a thorough analysis of the findings and recommendations for our customer.

PCI Vulnerability Scan

Our SecBase PCI is a standardized, Mastercard-approved network security service whose objective is to discover possible vulnerabilities and security weaknesses in network components in your environment.

The project outcome will be a formal Report On Compliance (ROC) and project documentation, which is an in-depth analysis outlining and prioritizing the vulnerabilities and security weaknesses found in the target systems. The report includes development recommendations to solve these problems.

Penetration test

Penetration testing is a requirement of the PCI onsite audit procedures for evaluating your information security measures. The most common procedure is that the security measures are actively analysed for technical flaws, vulnerabilities and design weaknesses. Read more about our Technical Security Audits.

Wireless network analysis

PCI version 1.1 requires quarterly wireless network assessments to analyse possible malicious WLAN access points in your environment. Read more about our Technical Security Audits.

PCI compliance consulting

Our certified security consultants work locally in Finland and the Middle East, so our auditors work closely with your organization and know the local business requirements and laws, which helps your organization meet PCI requirements. Read more about our Security Management Consulting services.

Business benefits of PCI Compliance:

You avoid substantial non-compliance fines and penalties

You mitigate the risk of compromising valuable cardholder data

You have proof of your company's information security situation

Compliance provides a clear competitive advantage for service providers

In case of a compromise, a PCI DSS compliant company may avoid significant fines and penalties

Compliance increases the level of customer trust and amplifies the positive image of your company

Terminology

PCI: Payment Card Industry
DSS: Data Security Standard
QSA: Qualified Security Assessor
QSAP: Qualified Security Assessor Professional

Related Information

The security of cardholder data has become one of the biggest concerns facing the online payment industry. By following requirements and procedures of PCI data security standard:

Contact

Please contact our Sales for further information.