PCI DSS & PA-DSS Compliance

If you accept credit cards or develop payment card applications or services, you should be well aware of the cost of security breaches. In 2012, the Identity Theft Resource Center (ITRC) documented 447 breaches in the United States, exposing 17,317,184 records. In the first half of 2013, 255 incidents were reported, exposing 6,207,297 records (now more than 9 million following the recent Adobe breach). Although these major breaches have grabbed the headlines, small and medium sized businesses face an even higher risk with over 80% of attacks hitting them.

What Does This Mean For Me?

If you accept payment cards and you experience a data breach, you could be forced to pay fines, have your ability to accept payment cards restricted or terminated, have your processing costs increase, and face damage to your business, your bottom line and your reputation.

Your PCI Compliance Requirements Have Never Been More Urgent

PCI DSS (for merchants accepting payment cards) and PA-DSS (for payment card-related software, application, and platform developers) have been around since 2004 and 2008 respectively, and version 3.0 of the PCI DSS standard is set to become effective on January 1, 2014. The threats continue to increase as the cyber criminals leverage their technology to attack organizations of all sizes.

Manage Your Security and Compliance Investment Wisely

Securing your customers’ payment card data and becoming compliant is of paramount importance, but it does not make sense to spend more on security and compliance than you have to. That’s why 4A Security views all security and privacy programs through the lens of Risk Management, employing a risk-based methodology to design a turnkey solution that meets your particular compliance requirements and fits your organization’s size, budget and resources. Our approach is thorough, yet cost-effective.

Your People Already Have Full-time Jobs. We Won’t Waste Their Time.

4A Security understands that you are not in business to do compliance and information security. We work with your key resources to set the agenda, establish priorities and make critical decisions. Using our automated security tools and compliance management infrastructure, we minimize the time they need to spend completing the project. We deliver tangible results quickly and we minimize the drain on your critical resources as much as possible.

We Stay On Top of Every Detail So You Don’t Have To

PCI compliance requirements are changing and the threat landscape is constantly in flux. As the new PCI DSS 3.0 standard will have to be implemented over the next year, our experts stay on top of all the details, allowing you to focus on your business, clients and customers.

Give us a call to learn more about how 4A Security can help you quickly achieve PCI DSS or PA-DSS Compliance. Get started with a free Risk Assessment Consultation. Phone 484 858 0427

Need help achieving compliance with the PCI DSS and PA-DSS Standard?

Whether you just need to fill in a few gaps in your security controls or you need a comprehensive security solution, 4A Security offers a comprehensive suite of security tools that can be tailored to meet your particular requirements. The selection of solutions described below is cross-referenced to specific PCI Standards and Requirements. These represent only a small subset of the full suite of controls 4A Security can implement. For more information on our complete Security Offerings, please contact us here and one of our technical Service Representatives will be happy to answer any questions you may have.


Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

4A Security can deploy firewalls and use both passive and active scanning techniques to canvas everything on your network in real time. This continuous asset monitoring integrates with industry-leading vulnerability scanning and incident management workflows to enable continuous asset compliance.
In addition, 4A Security can implement a Change Control tool-set that identifies change activity in server environments that can lead to security breaches and data loss. Change Control makes it easy to meet PCI compliance requirements, respond promptly to threats and report them.

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

4A Security deploys a Vulnerability Management tool that automatically, determines if the latest patches to your systems have been applied, and tests for common weaknesses such as weak passwords, default accounts and passwords, and other common threats.

Protect Cardholder Data

Requirement 3: Protect stored cardholder data

Since your credit card data will most likely be stored in databases, the 4A Security tool automatically finds databases on your network, protects them with a set of preconfigured defenses, and helps you build a custom security policy for your environment — making it easier to demonstrate PCI compliance to auditors and improve critical asset data protection. This monitoring cost-effectively protects your data from all threats by monitoring activity locally on each database server and by alerting or terminating malicious behavior in real time, even when running in virtualized or cloud computing environments.

Requirement 4: Encrypt transmission of cardholder data across open, public networks

4A Security can deploy industry leading encryption algorithms on desktop PCs, Macs, laptops, network files and folders, removable storage media and other devices. Full disk encryption for PCs and Macs, and file and removable media protection are also available. Our enterprise encryption solution also offers remote remediation and proof of encryption compliance reporting.

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software or programs

The 4A Security anti-malware solution provides advanced, superior protection against malicious code (viruses, worms, trojans, etc.) that can infect and impact a computer system running the Windows, Linux and Macintosh operating systems, as well as virtual servers, virtual desktops, network-attached storage devices, and mobile devices.

Requirement 6: Develop and maintain secure systems and applications

4A Security employs state-of-the-art Governance, Risk & Compliance tools as part of its Risk Assessment/Analysis process. In this way, we quickly identify the critical information security assets, risks and compliance gaps as well as threats and vulnerabilities that need to be addressed and remediated.

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access

4A Security offers a range of Identity Access Management solutions to address these requirements, depending on your particular environment. These include host-based, cloud-based and network-based solutions. Monitoring & Analysis solutions are an essential component of access management, aiding in detecting system anomalies that could be indicative of system misuse or even a system breach.

Maintain an Information Security Policy

Requirement 9: Restrict physical access to cardholder data,
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 12: Maintain a policy that addresses information security for all personnel

4A Security develops physical security policies and procedures for your organization that are based on industry best practices, to ensure that your physical plant and access to all IT resources and data assets are well protected, whether they are electronic or on paper.

Requirement 11: Regularly test security systems and processes

4A Security employs a PCI Certification Service that provides guidance, real-time analysis of your compliance status, and quarterly automated scanning. Working directly with Visa International, this accurate, easy-to-use service makes PCI compliance more affordable and more reliable for organizations of all sizes.