PCI Compliance

The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.

The PCI Security Standards Council’s mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc.

Digital dozen

• Build and Maintain a Secure Network
  Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
  Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
• Protect Cardholder Data
  Requirement 3: Protect stored cardholder data
  Requirement 4: Encrypt transmission of cardholder data across open, public networks
• Maintain a Vulnerability Management Program
  Requirement 5: Use and regularly update anti-virus software
  Requirement 6: Develop and maintain secure systems and applications
• Implement Strong Access Control Measures
  Requirement 7: Restrict access to cardholder data by business need-to-know
  Requirement 8: Assign a unique ID to each person with computer access
  Requirement 9: Restrict physical access to cardholder data
• Regularly Monitor and Test Networks
  Requirement 10: Track and monitor all access to network resources and cardholder data
  Requirement 11: Regularly test security systems and processes
• Maintain an Information Security Policy
  Requirement 12: Maintain a policy that addresses information security

Who needs to be certified?

Any company that accepts, processes, or stores credit card information needs to comply with the standards set by the Payment Card Industry.

If you store, process, or transmit credit card transactions, you must be able to demonstrate that you are PCI DSS compliant. Organizations that must comply include- merchants, merchant acquirers, payment processors, payment gateways and hosting service solution providers.

Impact on your business?

If you fail to comply, you could be barred from processing credit card transactions, or may be forced to pay higher processing fees, and in the event of a serious security breach, fines of up to $500,000 and criminal charges.

Compliance with PCI DSS may require changes to procedures around handling credit card information and other sensitive data, as well as implementing other security procedures.

How can Tarang help you?

Tarang can help your business get certified for PCI Compliance through consulting provided by our in-house audit and security PCI compliance experts. Our experts will guide your way through a step-by-step approach towards making your business fully compliant to PCI security standards. We will assist your in underlining your business security requirements, manage certification through self-assessment audit or by coordinating the engagement of an independent, Qualified Security Assessor.

Tarang’s PCI - Compliance Offerings

PCI Compliance Assessment - Tarang will undertake to assess the functional roles in your company’s internal departments and subsequently arrange for cross-functional meetings and multiple planning sessions comprised of functional stakeholders both internal and external. Thus, we will scope the project domain to determine the systems, technology, and processes that pertain to processing, storage, and transmission of sensitive financial cardholder data & information.

The roadmap to PCI compliance will consist of milestones such as:

• Providing advice and consultation.
• Mapping PCI Security criteria with project scope and Audit procedures.
• Report on systems, technologies and processes in scope for assessment.
• Solution Implementation & On-site reviews.
• Training on information security, data handling and compliance procedures.
• Liaison with Visa, MasterCard and other FI’s and merchant banks.
• Providing guidance and administrative assistance.

The objective of the Pre-Audit Assessment is to identify gaps in compliance and underline priorities for PCI certification. Tarang will work hand-in-glove with your business to review all systems, policies, processes, and procedures under the PCI cloud consisting of,

• Pre-Audit Assessment of your facilities.
• Executing tailor-made tests on PCI Security Audit Procedures.
• Setting up the environment required for a vulnerability scan.
• Continuous review and analysis of pre-assessment and scan results.
• Document, plan & strategize based on gap analysis results.
• Pre-Audit Assessment report of test results and status of readiness.
• Prepare a checklist of essentials and suggestive actions for taking forward the PCI Compliance certification in full force.