PCI DSS Compliance
What Is the PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 detailed requirements for all companies that store, process, or transmit cardholder data. PCI DSS was formulated by the PCI Security Standards Council, which was founded by five global brands: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
Who Has to Conform to the PCI DSS?
If your product stores, processes or transmits primary account numbers (PANs), your product should conform to the PCI DSS. Almost all service providers and merchants must comply with PCI standards if they allow payment by bank card.
The number of necessary actions differs depending on the number of payment card transactions that your application performs during one year. A more detailed explanation can be found in our blog article.
DataArt provides a number of services to help you structure your workflow in accordance with the PCI DSS.
Understanding PCI requirements can be tricky. Foreseeing the difficulties that some companies might have, DataArt experts offer consultations to help you achieve PCI DSS compliance, saving you time and money during attestation.
Among other things, one of the PCI DSS requirements states that an organization must have penetration testing carried out by a third-party vendor annually or after each major update. DataArt has a documented approach to penetration testing services based on industry-accepted penetration testing methodologies, utilizing both automated tools and manual techniques to discover existing vulnerabilities. The deliverable includes an in-depth report with assessment results, as well as the letter of opinion required for PCI DSS validation. More information can be found in the appropriate section.