Payment Card Industry Data Security Standard Compliance

Visa, MasterCard and other major credit card companies expect all companies that process payment transactions to comply with the Payment Card Industry (PCI) Data Security Standard (DSS).

The information security audit is conducted at vendors who receive more than 20,000 online payments annually, and at other companies that gather payment- and transaction-related information from other companies. Adherence to the PCI DSS standard is supervised through independent audits conducted by qualified vendors.

NXme implements this service in co-operation with Nixu Ltd. (Finland).

PCI Levels and Validation Actions

PCI DSS validation controls depend on the number of credit card transactions processed, handled or stored annually. Thus, the customer is offered only the modules needed for the customer's PCI DSS compliance, and the customer can select the services needed.

NX PCI Audits and Services

Onsite Audit

Our SecOnSite PCI is a standardized, Visa-approved method for performing annual PCI DSS onsite audits, whose objective is to ensure that you meet the PCI DSS standard requirements:

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy

The project outcome will be a formal Report On Compliance (ROC) and a project summary, which provides a thorough analysis of the findings and recommendations for our customer.

PCI Vulnerability Scan

Our SecBase PCI is a standardized, Mastercard-approved network security service whose objective is to discover possible vulnerabilities and security weaknesses in the network components of your environment.

The project outcome will be a formal Report On Compliance (ROC) and project documentation, which is an in-depth analysis outlining and prioritizing the vulnerabilities and security weaknesses found in the target systems. The report includes development recommendations to solve these problems.

Penetration Testing

Penetration testing is a requirement of the PCI onsite audit procedures for evaluating your information security measures. In the most common procedure, the security measures are actively analysed for technical flaws, vulnerabilities and design weaknesses. Read more about our Technical Security Audits.

Wireless Network Analysis

PCI version 1.1 requires quarterly wireless network assessments that analyse your environment for possible malicious WLAN (Wi-Fi) access points. Read more about our Technical Security Audits.

PCI Compliance Consulting

Our certified security consultants work locally in Finland and the Middle East, so our auditors work closely with you and know the local business requirements and laws, helping your organization meet PCI requirements. Read more about our Security Management Consulting services.

Key Customer Benefits

  • You avoid substantial non-compliance fines and penalties
  • You mitigate the risk of compromising valuable cardholder data
  • You have proof of your company's information security situation
  • Compliance provides a clear competitive advantage for service providers
  • In case of a compromise, a PCI DSS compliant company may avoid significant fines and penalties
  • Compliance increases the level of customer trust and amplifies the positive image of your company

Terminology

  • PCI: Payment Card Industry
  • DSS: Data Security Standard
  • QSA: Qualified Security Assessor
  • QSAP: Qualified Security Assessor Professional

Related Information

The security of cardholder data has become one of the biggest concerns facing the online payment industry. By following requirements and procedures of PCI data security standard:

Contact

Please see Contact for further information.