Merchants and other transaction-based organisations may be required by their
payment providers to become PCI compliant. An industry body supported by the major
card providers (Mastercard, VISA, Amex, JCB, Diners) has set a published standard
called the PCI-DSS to help those organisations that handle card information
within their systems. In total there are 6 different objectives within the
PCI-DSS:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control
- Monitor and Test Networks and Systems
- Maintain an Information Security Policy Framework
In most cases, the organisations we meet are typically quite good at implementing
and managing a firewall. However, the other five objectives seem to be a lot
harder to achieve. Protecting cardholder data is not only a PCI-DSS requirement
but also an Australian Privacy requirement, as well as a requirement of other
compliance regimes. Although a number of these tasks may seem trivial, they are
sometimes difficult to implement.
Appsecure works alongside our clients to assist them in the following areas of
PCI-DSS compliance. We can also assist with an initial self-audit of your
systems and environment if required.
Protect Cardholder Data - In most cases you shouldn't be storing card data at
all, but even if you simply pass the card data between systems (i.e. between
your bank and your service), you are still required to implement security
controls. Depending on the type of data and the way your system needs to
transact information, you may require different security options. Overall, it is
important to ensure the data cannot be compromised or intercepted during the
transaction or storage process within your system.
Implement Strong Access Control - Ensuring that controls are in place to
restrict access to systems to those who need it is critical in securing any
credit card or PCI-related data in your systems. Undertaking an audit of your
application to ensure access has been secured correctly will help you better
understand whether controls are in place.
Monitor & Test Networks and Systems - By undertaking regular audits of your
systems, you can identify potential security threats in your systems before they
are acted on by someone outside of your control. Our testing can be undertaken
with the specific goal of ensuring the system and data security would pass PCI
compliance.
Maintain an Information Security Framework - Ultimately, to save time and money,
as well as to ensure that vulnerabilities and risks are not introduced into the
environment later in the lifecycle, an information security framework should be
implemented. This will help ensure the relevant processes and guidelines, as well
as education and training, are in place to avoid possible security breaches in
the future.
Appsecure has helped many organisations in Australia to achieve PCI compliance.
Our team of consultants also works directly with OWASP in setting standards
(PCI recommends and uses OWASP), making our team the authoritative source in
understanding and implementing PCI-related security within their systems.