PCI DSS

Meet PCI Data Security Standard (PCI DSS) Requirements

PCI DSS applies to all companies that accept credit card payments.

Is Your Organization Prepared?

If your business regularly processes, stores, or transmits credit card information, then you’re likely familiar with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS requirements are continually updated to keep pace with the evolving threat landscape, and it can be a challenge to keep your security program in sync. Simply focusing on the latest written standards is not enough; in order to feel confident against PCI DSS compliance deadlines, it’s vital to set goals that exceed the latest version and demonstrate your processes are sound when the auditors arrive.


Who is Affected?

The Payment Card Industry Data Security Standard (PCI DSS) applies to companies of any size that accept credit card payments. If your company intends to accept card payment, and store, process and transmit cardholder data, you need to host your data securely with a PCI compliant hosting provider.

 


What You Need to Do:

Look for software solutions that are designed around industry best practices, but still account for the PCI requirements for quick and easy reporting.

MDS provides several solutions created with this approach to help you easily remain PCI DSS compliant.

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

MDS solutions enable any necessary testing and monitoring of both host-based firewalls and those separating the cardholder data environment (CDE), untrusted networks, and the outside world. MDS can help you evaluate and document the gaps in your firewall coverage and configurations to make recommendations for improving your firewall deployment, management, and testing moving forward.

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

MDS solutions enable you to automatically scan vendor-supplied systems and web applications for default passwords, insecure configuration settings, unnecessary services, and communications over insecure channels.

 

Requirement 3: Protect stored cardholder data

MDS can show you how to monitor which users access critical systems or restricted network zones that may hold cryptographic keys, providing you with an audit trail. MDS can identify gaps in day-to-day operations, key management processes, and cardholder data (CHD) policies and recommend steps to address these deficiencies.

 

Requirement 4: Encrypt transmission of cardholder data across open, public networks

MDS can monitor traffic over both secured and unsecured ports to identify secure cardholder data transmitted over unencrypted and unapproved channels, as well as evaluate data security and transmission encryption policies, validate your organization’s adherence to them, and recommend any necessary improvements.

Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs

MDS can help make sure anti-virus is up-to-date and running on all workstations and separately analyze all running processes on personal computers and servers for known malware, and unsigned, unusual applications, as well as evaluate and document anti-virus policies and operational procedures to ensure sustainable operation and effective controls against malware.

Requirement 6: Develop and maintain secure systems and applications

MDS can provide solutions that simulate attacks on custom applications across environments and monitor for violations of access policies, such as any new users accessing production systems. Perform penetration tests and evaluate application security policies in use to identify security gaps in the software development lifecycle.

Solutions:

Requirement 7: Restrict access to cardholder data by business need-to-know

Monitor access controls and baseline permitted access to systems in the cardholder data environment (CDE) to identify any suspicious change in settings or behavior.

Observe data security, system access policies, and operational procedures to identify gaps in your security program and lay out a detailed plan to address them with an optimal least privilege model.

Requirement 8: Identify and authenticate access to system components

Audit system authentication controls, test for weak and shared passwords, and alert on any potential authentication-based attacks or misuse of privileges.

Customize security awareness training for your organization, evaluate all remote access to the network, and determine if authentication control policies are followed appropriately.

Requirement 9: Restrict physical access to cardholder data

Test physical access controls in multiple facilities and review physical access security measures around the cardholder data environment (CDE).

 

Requirement 10: Track and monitor all access to network resources and cardholder data

Serve all of your technology needs for securing log data from across the organization and cardholder data environment (CDE), demonstrating the trending behavior for each individual user, and triggering security events on anomalous or suspicious activity.

Tailor to your organization’s network monitoring by evaluating your incident detection and response program, recommending best practices to enhance auditing and incident response plans, and augment, as necessary, with a fully managed detection and response team.

 

 

Requirement 11: Regularly test security systems and processes

Automate testing for access points, rogue devices, and vulnerability to attacks, assess the effectiveness of network segmentation controls, and alert on suspected compromises to the perimeter of the cardholder data environment (CDE).

Develop a penetration testing methodology for your business, perform Wireless Security Audits, and augment your own program, as necessary, with fully managed internal and external vulnerability management services.

 

Requirement 12: Maintain a policy that addresses information security for all personnel

Simulate phishing campaigns to educate users on the risk and monitor all activity across the untrusted network and cardholder data environment (CDE) to alert on potential incidents and speed incident investigation and response.

Assist in formal risk assessments, designing a customized security awareness training program, and implementing an effective incident response plan to increase readiness.

 

Don’t Wait Until the Last Minute to Meet Compliance Standards!

Contact MDS today to receive expert guidance on how to get your security program up and running.


Our Pledge:

Building out and maintaining your IT ecosystem doesn’t have to be a do-it-yourself project. MDS can help identify network issues, configure devices, and optimize your infrastructure to maximize efficiency and performance. Our consultants are highly trained technology specialists that understand the complexities of multi-vendor environments and have the knowledge and skills to help your business become more agile, customer-focused and operationally efficient.


Upcoming Events:

Ransomware is on the rise: let’s talk about how to stay safe over some wine!


Contacts:

NYC Headquarters:
307 West 38th Street, Suite 1801
New York, NY 10018
Tel: 646-744-1000

Miami Office:
Tel: 786-899-2980

San Juan Office:
Tel: 646-460-6229

Email: contactus@mdsny.com
