Payment Card Industry Data Security Standard Compliance
Visa, MasterCard and other major credit card companies expect all companies that process payment transactions to be compliant with the Payment Card Industry (PCI) Data Security Standard (DSS).
The information security audit is conducted at vendors who receive more than 20.000 online payments annually, and at other companies gathering payment- and transaction-related information from other companies. Adherence to the PCI DSS standard will be supervised via independent audits conducted by qualified vendors.
NXme implements this service in co-operation with Nixu Ltd. (Finland).
PCI Levels and Validation Actions
PCI DSS validation controls are related to the number of credit card transactions processed, handled or stored annually. Thus, the customer is offered only the modules that are needed for the customer's PCI DSS compliance, and the customer can select the services needed.

NX PCI Audits and Services
Onsite Audit

Our SecOnSite PCI is a standardized, Visa-approved method for performing annual PCI DSS onsite audits, whose objective is to ensure your compliance with the PCI DSS standard requirements:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
The project outcome will be a formal Report On Compliance (ROC) and a project summary, which provides a thorough analysis of the findings and recommendations for our customer.
PCI Vulnerability Scan
Our SecBase PCI is a standardized, Mastercard-approved network security service whose objective is to discover possible vulnerabilities and security weaknesses in network components in your environment.
The project outcome will be a formal Report On Compliance (ROC) and project documentation, which is an in-depth analysis outlining and prioritizing the vulnerabilities and security weaknesses found in the target systems. The report includes development recommendations to solve these problems.
Penetration Testing
Penetration testing is a requirement of the PCI onsite audit procedures for evaluating your information security measures. In the most common procedure, the security measures are actively analysed for technical flaws, vulnerabilities and design weaknesses. Read more about our Technical Security Audits.
Wireless Network Analysis
PCI version 1.1 requires quarterly wireless network assessments to analyse your environment for possible malicious WLAN (Wi-Fi) access points. Read more about our Technical Security Audits.
PCI Compliance Consulting
Our certified security consultants work locally in Finland and the Middle East, so our auditors work closely with you and know the local business requirements and laws, which helps your organization meet PCI requirements. Read more about our Security Management Consulting services.
Key Customer Benefits
- You avoid substantial non-compliance fines and penalties
- You mitigate the risk of compromising valuable cardholder data
- You have proof of your company's information security situation
- Compliance provides a clear competitive advantage for service providers
- In case of a compromise, a PCI DSS compliant company may avoid significant fines and penalties
- Compliance increases the level of customer trust and amplifies the positive image of your company
Terminology
- PCI: Payment Card Industry
- DSS: Data Security Standard
- QSA: Qualified Security Assessor
- QSAP: Qualified Security Assessor Professional
Related Information
The security of cardholder data has become one of the biggest concerns facing the online payment industry. By following requirements and procedures of PCI data security standard:
- PCI Data Security Standard (PDF)
- PCI Self-Assessment Questionnaire (PDF)
- PCI Security Scanning Procedures (PDF)
