
Are your transactions secure?
Secure all card transactions made in your company by complying with PCI-DSS standards, reducing fraud and increasing security for your business.

What is PCI-DSS?
It stands for "Payment Card Industry - Data Security Standard" and defines a set of requirements for managing the security and protection measures involved in the transmission, processing, or storage of payment card information.
Its purpose is to reduce fraud related to payment cards and increase the security of this data to protect the card payment industry.
Why should you comply with PCI-DSS?
We must ensure that customer data is always fully protected.
It is necessary to know that:
Protecting data helps us prevent fraud associated with security breaches that may occur in the system.
We must avoid losing the trust of our customers, since they entrust us with the confidentiality of their personal data.
In the event of unauthorized access, this can lead to damage to the brand, with economic and image-related consequences, etc.
Criminal organizations continually refine their techniques, so it is necessary to stay up to date in order to maintain security.
What are the consequences of non-compliance?
Failure to comply with these rules can have serious consequences, including:
Fines or penalties imposed by the card brands or acquirers, as well as payment of compensation to those affected.
Inability to work with the acquirer, which must ensure that all of its acquired merchants meet the standard.
Possible non-compliance with other laws and regulations.
Who must comply with the PCI-DSS standard?
Any entity that stores, processes, or transmits cardholder data must comply with this standard.
This ranges from device manufacturers (PTS) to software developers (PA) to merchants and service providers (DSS).
These three standards provide the basis for cardholder data protection:
PTS: Payment Devices.
PA: Payment applications.
DSS: Processes and infrastructure of businesses and service providers.

Three steps for your compliance
1 - Evaluation
Identify cardholder data from the inventory of IT assets and business processes for card payment processing, identifying vulnerabilities that could expose the data.
2 - Correction
Resolve the detected vulnerabilities and avoid storing cardholder data wherever possible.
3 - Report
Collect and submit remediation validation records (if applicable) and submit compliance reports to the banks and card issuers with which you do business.
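The evaluation step above hinges on actually finding where cardholder data lives, and the correction step on confirming it is no longer stored. The following is an added example, not Nordstern's own tooling: a small discovery scanner that looks for primary account numbers (PANs) in text such as application logs or exported files, applies the Luhn check so that ordinary long numbers (order references, tracking IDs) are not reported, and masks every hit to the last four digits so the scan report itself does not become a new store of card data. The sample lines and the well-known test-range card numbers in them are constructed for the example.

```python
import re

# Constructed sample lines, as might appear in an application log that was
# never meant to hold card data. The card numbers are public test-range
# values, not real accounts; the 1234... reference is a deliberate decoy.
SAMPLE_LINES = [
    "2024-05-01 order=1001 pan=4111111111111111 amount=49.90",
    "2024-05-01 order=1002 ref=1234567890123456 amount=10.00",
    "2024-05-01 order=1003 pan=5500 0000 0000 0004 amount=12.50",
    "2024-05-01 order=1004 note=customer callback 555-0100",
]

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or
# hyphens, not embedded in a longer run of digits.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check used by card PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the last four digits; the report must not reproduce the PAN."""
    return "*" * (len(pan) - 4) + pan[-4:]


def find_pans(text: str) -> list[str]:
    """Return Luhn-valid 13-19 digit numbers found in text, separators removed."""
    found = []
    for m in _CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def scan_lines(lines) -> list[dict]:
    """Scan an iterable of text lines and report masked hits with line numbers."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for pan in find_pans(line):
            hits.append({"line": n, "masked": mask_pan(pan)})
    return hits


if __name__ == "__main__":
    for hit in scan_lines(SAMPLE_LINES):
        print(f"line {hit['line']}: possible PAN {hit['masked']}")
```

Run against real files, the same functions can be pointed at log directories, database dumps or backups to build the cardholder-data inventory the evaluation step calls for; a hit in a system you believed was out of scope is exactly the kind of deviation the remediation step has to close, and a clean run after cleanup is the evidence the report step asks for.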
Contact us today and get certified in PCI-DSS with Nordstern
Certification objectives
- Develop and maintain a secure network.
- Protect cardholder data.
- Maintain a vulnerability management program.
- Implement robust access control measures.
- Monitor and evaluate networks regularly.
- Maintain an information security policy.
What are the requirements?
Proper protection of card data requires robust security measures, such as a strong firewall and router configurations, avoiding default passwords, and encrypting data transmission.
In addition, antivirus software must be used and regularly updated, secure systems developed, data access restricted, and all access to network resources tracked.
It is essential to conduct regular security tests and maintain clear information security policies for employees and contractors.
Levels of compliance for merchants
Level 1
- If you process more than 6 million VISA or MasterCard transactions per year.
- If you process more than 2.5 million AmEx transactions per year.
Level 2
- If you process between 1 and 6 million VISA transactions per year.
- If you process more than 150,000 MasterCard transactions per year.
- If you process between 50,000 and 2.5 million AmEx transactions per year.
Level 3
- If you process between 20,000 and one million VISA transactions per year.
- If you process more than 20,000 MasterCard transactions per year.
- If you process fewer than 50,000 AmEx transactions per year.
Level 4
- All other merchants that handle VISA or MasterCard.

Compliance levels for service providers
Level 1
VISA:
- If they process more than 300 transactions annually.
- All VISANet processors.
- All payment gateways.
MasterCard:
- If they process more than 300 transactions annually.
- All data custodian entities (DSEs) that process, store, or transmit cardholder data to Level 1 and Level 2 merchants.
Level 2
VISA:
- If they process fewer than 300 transactions annually.
- Any service provider that processes, stores, or transmits one million or more VISA accounts or transactions per year.
MasterCard:
- If they process fewer than 300 transactions annually.
- All (DSEs) that process, store or transmit cardholder data to Level 3 merchants.
- All other DSEs.
Why Nordstern?
In our service offering, we offer a robust coverage policy against consulting errors and preferential pricing through agreements with acquiring banks.
With extensive experience in the global e-commerce sector, we provide free training on standards and have an Internal Quality Committee to validate documentation, ensuring compliance with standards such as PCI DSS and Payment Methods before formal delivery to the client.
Our proposal stands out for its technical excellence, supported by policies and processes that guarantee quality results and customer satisfaction.


Gap analysis
Verification of the initial state of compliance.
PCI-DSS Assessment Report.

Remediation
Definition of compliance activities, with review and progress sessions.
Identification of deviations.

ASV Scans
Quarterly internal and/or external network scans.

Penetration testing
Internal and external penetration testing.
