RSI Security

Category: PCI DSS

Stay up-to-date with PCI DSS compliance. Explore in-depth guides, implementation steps, and best practices to safeguard payment data and meet regulatory standards.

  • What Is PAN Data And Why Is It Important?

    What Is PAN Data And Why Is It Important?

    The act of storing primary account numbers (PANs) has already had a profound effect on network security for a plethora of organizations.  Massive data breaches have ensued over the years based on companies choosing to store PANs on their servers for ease of access.

    Many companies who have been inflicted by a data breach use this excuse of consumer convenience in their choice to store PAN data on their network.  These companies who use this excuse also are not Payment Card Industry Data Security Standard (PCI DSS) compliant as the PCI DSS requires that merchants never store track data, for any reason.  

    (more…)

  • How To Choose The Right Approved Scanning Vendor For Your Company

    How To Choose The Right Approved Scanning Vendor For Your Company

    Making the choice for an approved scanning vendor (ASV) is an important consideration for organizations looking to achieve or maintain compliance with the Payment Card Industry (PCI) requirements. The requirements set forth in the PCI Data Security Standards (PCI DSS) are intended to provide end-to-end security for cardholder data. A central component of the PCI DSS is the requirement for entities covered by the PCI DSS to have regular external scans of their networks and systems. As such, PCI approved scanning vendors occupy a central role in ensuring that organizations covered by PCI DSS achieve and maintain compliance advisory services with these requirements over time.

    (more…)

  • What are the PCI ASV Scanning Requirements?

    What are the PCI ASV Scanning Requirements?

    The process of understanding the entirety of what Payment Card Industry Data Security Standards (PCI DSS) covers is an extremely daunting task for business decision makers.  An increasingly important aspect of Payment Card Industry (PCI) compliance has become maintaining compliance with the Approved Scanning Vendor (ASV) requirements notated within PCI DSS.  One of the notable requirements that entities must adhere to are those that cover ASV Scans. These vulnerability scans are quite complex in nature and require many man hours of preparation on the vendor and company side to ensure proper consumer payment card protection in the organization’s cardholder environment.

    (more…)

  • ASV Scanning Responsibilities

    ASV Scanning Responsibilities

    You have determined that you need vulnerability scanning from an approved scanning vendor (ASV), probably because you need to maintain or establish PCI compliance. Most businesses require at least quarterly scanning. You have done your research and selected a vendor, verified they are approved on the PCI website and are ready to get started. There are several parties involved in this process from the Card Brands to the merchant and the ASV. We will discuss the responsibilities of each.

    (more…)

  • What Are the Differences Between PCI DSS and EI3PA Requirements?

    What Are the Differences Between PCI DSS and EI3PA Requirements?

    In 2018 certain industries are under the spotlight more than others and service providers are being watched much more closely. One of the industries that seem to be under fire every week is the security of consumer information. For example, patients in the health care industry are protected with patients rights under HIPAA laws. On the grander scheme, the world has gone futuristic and, unfortunately, that includes criminals. Whether its Macys, Sears or Saks Fifth Avenue, companies big and small have become targets for hackers. Regrettably, the data hacks of stores of any size affect all of us.

    (more…)

  • Tracking and monitoring all access to network resources and cardholder data (PCI DSS Reqs. 3, 7, 10)

    Tracking and monitoring all access to network resources and cardholder data (PCI DSS Reqs. 3, 7, 10)

    Recent statistics have shown that 42% of consumers feel that credit cards are the safest payment option to protect cardholder data for their online purchases. With more consumers focusing on purchasing online rather than via brick and mortar retailers, this means that online retailers must take extra care in monitoring their network resources as they pertain to their cardholder data. Consumers are well within their entitlement to expect that their credit card transaction is secure once it has been processed. However, that expectation might fall short if the pathways that the payment company develops does not securely transmit their cardholder data once the transaction goes through. It is for this reason (and many others) that securing access to network resources for any organization that processes and/or stores credit card payments is critical.

    (more…)

  • Deploying Secure Systems and Applications (PCI DSS Req. 6)

    Deploying Secure Systems and Applications (PCI DSS Req. 6)

    The Payment Card Industry (PCI) is a coalition of credit card companies including American Express, Discover, MasterCard and Visa that is built on the backbone of 12 requirements specified in the PCI Data Security Standards (DSS). These requirements were implemented to ensure the continued financial safety of businesses and consumers alike. The number and severity of data breaches constantly on the rise and the PCI DSS requirements are there to provide organizations with the compliance framework they need to maintain a high level of network security.

    (more…)

  • Protecting System Components in CDE through Encryption

    Protecting System Components in CDE through Encryption

    Encrypting your cardholder data environment (CDE) is of paramount importance if youre keen on not just protecting your customers card data, but also salvaging your organizations data security. If your company handles any amount of credit card information, it must comply with the PCI DSS (Payment Card Industry Data Security Standards).

    (more…)

  • Performing Regular Testing, Risk Analysis, and Addressing Risks

    Performing Regular Testing, Risk Analysis, and Addressing Risks

    Consistently testing and quickly addressing risks to your network security system is not just one of the common security controls that can be looked over, it is imperative to effective and safe performance. If your companys security system does not receive the necessary updates to its infrastructure, it can be potentially devastating for your organization.

    Not being on top of these essential tasks can open the door to a myriad of cyber security threats from internal and external sources that could take years to recover from. However your business plans to approach security system testing, you should make sure you efforts fall in line with Payment Card Industry Data Security Standard (PCI DSS) requirements. (more…)

  • PCI Compliance Firewall Requirements (PCI DSS Req. 1)

    PCI Compliance Firewall Requirements (PCI DSS Req. 1)

    With the rise of credit cards and online banking, financial theft has gradually shifted away from physical bank robberies to electronic payment fraud. Although payment cards facilitate convenient financial transactions for society, they also offer an ideal opportunity for threat actors to remotely steal a person’s identity or breach a companys information database. While all cybersecurity solutions are important, we want to first dive into how to increase your security across the payment card industry.

    (more…)