The Payment Card Industry Data Security Standard (PCI DSS) is a set of technical and operational requirements to protect cardholder data. PCI DSS applies to all entities that store, process, and/or transmit cardholder data. All merchants who accept or process payment cards are expected to comply with the security standards. The PCI council is responsible for managing the security standards, while compliance with the PCI set of standards is enforced by the five major payment card brands, who are the founding members of the council.
The security standards relate to organizations that deal with payment card transactions and have access to customer information from processing to storing and transmitting sensitive cardholder data. Compliance with PCI DSS helps alleviate vulnerabilities associated with cardholder data.
Phillips Consulting is the first indigenous Qualified Security Assessor firm in West Africa approved by PCI Security Standards Council to assess and certify financial service companies, merchants and service providers in achieving and maintaining compliance with the Payment Card Industry Data Security Standards (PCI DSS). We bring on board our wealth of security management and consultancy experience to assist organizations in achieving their certification and re-certification compliance status in record time.
We are focused on assisting financial service companies, merchants, online stores and service providers achieve and maintain compliance with the payment card industry data security standard.
We offer a portfolio of management, technical and consultancy services that effectively constitute and ascertain compliance, therefore allowing organizations focus on achieving strategic and business goals.
- Validate the processes, infrastructures and people that transmit, store or process cardholder data within the cardholder data environment using manual and automated techniques.
- Conduct a complete onsite PCI DSS assessment consistent with all applicable PCI standards, requirements and testing procedures.
- Design and conduct self assessment questionnaires for merchants and service providers.
- Provide guidance on remediation initiatives and compensating controls of gaps and vulnerabilities
- Prepare report on compliance and attestation of compliance.
The PCI DSS is the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data. It consists of common sense steps that mirror security best practices such as:
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Maintain a policy that addresses information security for all personnel.