PCI - Overview
A Managed Services Approach to PCI Compliance.
Digital Defense has successfully completed the PCI Scanning Vendor Compliance testing.
Description
Do you process VISA, MasterCard or any other major credit card transactions in carrying out business with your clients? If so, your organization falls into one of four merchant levels, which are defined by the Payment Card Industry (PCI) Security Standards Council (SSC). The specific level depends on many factors, including, but not limited to, the number of credit card transactions your organization processes each year, the type of credit card transactions that you process (e.g., MasterCard, VISA, American Express), and whether or not your organization has already experienced some form of credit card data security compromise.
A matrix exists on the MasterCard Site Data Protection website. Depending upon your merchant level and other factors, your company may be required to undergo network security testing by an Approved Scanning Vendor (ASV). The matrix is located at https://sdp.mastercardintl.com/merchants/merchant_levels.shtml
Digital Defense is certified by the PCI SSC as an ASV. We are the first ASV to offer a Managed Services approach to PCI compliance. Our PCI Managed Services Program not only determines if your organization's network complies with PCI requirements, it also provides for the availability of trained security analysts to work with your internal IT personnel (or a third-party organization that you designate) to help remediate vulnerabilities that are identified, if your company should fall short of the minimum criteria to achieve PCI certification. After our analysts have determined that your network meets the necessary set of criteria to be PCI certified, Digital Defense will provide your company with reports that document your company's successful completion of the testing required by the PCI SSC.
Special Features
Platform Updates & Immediate Security Alert Notifications
Digital Defense employs a full-time staff of collaborative software development engineers and security analysts to provide you with a state-of-the-art PCI compliant platform. Digital Defense performs platform updates on an ongoing basis and provides these updates at no additional charge to PCI Program clients. Further, Digital Defense provides immediate notification of any critical or high-level security vulnerabilities that we detect on your Internet-facing networks, and notifies you when your PCI assessments are ready for review.
Security Vulnerability Remediation Project Management
Digital Defense analysts will work with your designated IT personnel, or with third-party firms providing IT services to your institution, to resolve identified vulnerabilities. Digital Defense analysts maintain objectivity by serving in a project management capacity during this phase of the program. By maintaining our objectivity in this fashion, we not only ensure that your organization rapidly addresses the security vulnerabilities identified, but also eliminate any possible conflicts of interest.
Information Resources
The PCI Program includes a complimentary subscription to our periodic publications, including our quarterly Newsletter and the new Frontline Intelligence bulletin. It also includes access to the educational Webinars that we host throughout the year.
PCI Program Benefits
Your organization will quickly realize the many benefits provided by securing a PCI Program from a respected, professional firm that provides significant commercial benefits in exchange for your contract commitments. The efficiency gains realized from longer-term engagements are passed directly back to you. The information security tools we have developed over the last seven years, coupled with our breadth and depth of experience in the security field, enable us to work with you to enhance your security posture, help you attain PCI compliance, and manage business risk.