PCI DSS Compliance

PCI DSS stands for Payment Card Industry Data Security Standard. It is an international standard (not a law or government regulation) established by the major payment card brands to reduce the security risks faced by merchants, service providers, and cardholders in the payment card sector.

The standard sets out a number of security requirements that must be applied to every environment in which payment card data are stored, processed, or transmitted, in order to reduce the attack surface and limit the impact of a security incident. Its requirements are aligned with the security best practices of the payment sector.


@Mediaservice.net's offer

Drawing on ten years of experience in the security field, @Mediaservice.net has developed a complete offer to support its Clients in every phase of the PCI DSS certification process.

The consulting service starts with a Gap Analysis, which maps the card data flows and assesses compliance with the requirements of the standard, including through technical security testing.

Following this analysis, a detailed Remediation Plan is produced outlining the specific actions needed to reach a fully compliant state. These actions can be carried out by the Client's own staff or with the support of @Mediaservice.net's specialists.

The next step is the actual Audit and Security Scan activities, performed according to internationally recognized methodologies, which validate that the Remediation Plan has been carried out.

Finally, in the Reporting phase the official deliverables required for the Attestation of Compliance are produced. These last two activities (Audit/Security Scan and Reporting) can also be purchased separately, and must be repeated periodically to maintain the certification: PCI DSS validation is renewed annually, and external vulnerability scans are required quarterly.


Optional services

In addition to the activities described above, @Mediaservice.net recommends the following optional services, either to broaden the scope and usefulness of the results or to support the Client in carrying out the Remediation Plan:

  • Drafting or review of required plans, policies, and procedures;
  • Execution or review of the Risk Assessment;
  • Execution of technical security assessments (e.g. Penetration Test, Wireless Scan) or IT Audits, including systems outside the scope defined by PCI DSS;
  • Execution of in-depth technical assessments where needed (e.g. source code review);
  • Support of the IT staff in planning and implementing the technical countermeasures outlined in the Remediation Plan;
  • Training of the Client's staff;
  • Integration of the PCI DSS compliance requirements within a broader ISMS compliant with the ISO/IEC 27001:2013 standard.


Download the PCI DSS Compliance service datasheet (360,26 kB).