contact us

facebookLinkedintwitterblogrss877-557-9703
Bringing the future - of IT into focusConsulting & Assessment Services - Let us save you time, money and your sanityConsulting & Assessment Services - Let us save you time, money and your sanityIT Infrastructure & Management - We'll turn your challenges into solutionsEnterprise Messaging Services - Helping you deliver secure communications. Any time. Anywhere.eLearning - Easy to use, easy to manage and customizable.

Compliance

Regulatory Compliance Overview
GLBA
PCI DSS
SOX
USA PATRIOT Act
Dodd-Frank Act
ISO 27001
COBIT
HIPAA
NERC


Ask the Experts
Submit a no-obligation question about PCI compliance.

LEARN MORE: Stay up to date on PCI compliance issues & changes. Join us on FaceBook, Twitter, and the InfoSight Blog.

A copy of the PCI DSS is available here.

PCI Compliance

Recent accounts of highly-publicized data breaches occurring in companies that are seemingly PCI compliant, begs the question, "does PCI compliance equal security?" The answer is, "not necessarily."

The PCI Security Standards Council's goal in forming the standards was to create a unified outline of the minimum security necessary to transmit, process and store cardholder information. Payment card information is a high-profile target and the tactics of cybercriminals are becoming more and more sophisticated. No organization is ever entirely secure; but with proper defenses, businesses can mitigate their risk and make it more difficult for cybercriminals to breach their private network.

Organizations of all sizes should blend compliance into ongoing operations. Security, by definition, involves safeguarding confidential information, protecting against fraud, ensuring systems are available so you can generate revenue, and making sure there are no errors in the stack. When you do all these things, you inherently wind up fulfilling the intent of all major regulatory and industry compliance regulations.

Going a bit above and beyond the periodic audits and network scanning required by PCI standards can yield a lot more value to an organization and, in most cases, does not add as much additional expense as may be perceived.

InfoSight provides a variety of tools, guidance, training resources and other IT security services to assist organizations seeking to achieve PCI compliance. We can help you build and maintain a high security posture, help you understand what is involved in PCI compliance, and assist in developing policies and practices that best fit your needs.

PCI compliance standards will continue to evolve over time. Contact us to help you build and maintain a high security posture while ensuring PCI compliance.

Complementary Services
IT Audit / Compliance Assurance Program
IT Risk Assessment
Enterprise Risk Management

PCI compliance

What is
PCI Compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Essentially any merchant that has a Merchant ID (MID). The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards with focus on improving payment account security throughout the transaction process. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB.). The payment brands and acquirers are responsible for enforcing compliance, not the PCI council.

Do you have something to add to this definition? Let us know.Email your comments and contributions.

Services
All Icons
Quick Links
©2013 InfoSight - All Rights Reserved | InfoSight's Privacy Statement | sitemap 1 | sitemap 2