Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration Testing
0 likes738 views
The document discusses PCI DSS (Payment Card Industry Data Security Standard) compliance. It notes that while compliance has improved, four out of five companies still fail interim assessments, showing they have not sustained necessary security controls. It emphasizes that organizations handling credit card payments through activities like retail, banking, travel, etc. must comply with PCI standards to protect card data from breaches. Regular penetration testing is encouraged to identify and fix vulnerabilities before attackers do so.
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration Testing
- 2. PCI DSS (Payment Card Industry Data Security Standard) • Requirements and guidelines to ensure credit card information is properly secured • Hot topic due to recent large scale payment card data breaches • Not only retailers are affected • Any organization that takes credit card payments should be in compliance with latest PCI guidance, PCI DSS 3.1 – Zoos – Airlines – Banks – Etc.
- 3. PCI DSS Version 3.1 • Effective July 1, 2015 • Includes minor updates and clarifications – Addresses vulnerabilities within the SSL encryption protocol that can put payment data at risk • Requirements 11.3.1 and 11.3.2 encourage penetration testing annually or after any significant change to IT environment – Can include any upgrade or modification that could affect the security of cardholder data – Aims to ensure that controls assumed to be in place continue to work effectively after updates
- 4. Where Companies Fail “Compliance with the Payment Card Industry Data Security Standard continues to improve, but four out of five companies still fail at interim assessment. This indicates that they’ve failed to sustain the security controls they put in place.” Verizon 2015 PCI Compliance Report • Find and fix your vulnerabilities before an attacker does – Vulnerability scanning alone is not sufficient – Penetration testing reduces false positive results by discovering which weaknesses could actually result in an exploit • Maintain the controls put in place for continued security
- 5. TraceSecurity PCI Penetration Testing • Follows PCI guideline best practice methodology to include a/an: – Engagement Interview – Network Documentation Collection – Network Scope – Segmentation Checks – Application and Network Testing – Immediate Notification of Critical Risks and/or Encountering Cardholder Data – Post-Engagement Retesting and Environment Clean-Up • PCI test results are provided in an extensive report
- 6. TraceSecurity PCI Penetration Testing (cont’d) • Better equips organizations to prevent cybersecurity attacks and maintain PCI compliance • Since 2004, TraceSecurity has performed nearly 10,000 penetration tests • Our information security analysts maintain certifications suggested by PCI guidelines that include but are not limited to: – Offensive Security Certified Professional (OSCP) – Certified Ethical Hacker (CEH)
- 7. Educational Webinar and Blog • Join TraceSecurity for a free webinar. Learn how you can protect your customers’ payment data and comply with new PCI standards. – This webinar explores some of today’s most publicized card data breaches and discusses how organizations can effectively evaluate and test the security of both internal and external systems that are involved in the processing or protection of cardholder data to ensure they maintain PCI compliance. • Read TraceSecurity's blog titled “TraceSecurity PCI Penetration Testing Meets PCI DSS 3.1.” CLICK HERE TO REGISTER/WATCH CLICK HERE TO READ BLOG
- 8. thought leadership webinars on-demand our blog our monthly newsletter www.tracesecurity.com ©2015 TraceSecurity, Inc. All rights reserved worldwide. Connect with us! DOWNLOAD WATCH READ RECEIVE Access more educational content from TraceSecurity,