The Payment Card Industry (PCI) Data Security Standard (DSS) provides a baseline of technical and operational requirements designed to protect cardholder data. PCI DSS applies to all entities involved in payment card processing, including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process, or transmit cardholder data.
Although the PCI Council is responsible for defining and updating the standard, the card brands are the driving force that mandates compliance. Card brands such as Visa currently issue specific deadlines by which merchants, acquirers, and service providers must demonstrate compliance, either by completing an SAQ (Self-Assessment Questionnaire) or by undergoing an onsite audit conducted by a QSA (Qualified Security Assessor) company, depending on their transaction volume.
PCI DSS Services Offered:
PCI DSS Web Application Penetration Testing:
For web application penetration testing, mile2® adheres to OWASP (Open Web Application Security Project) standards. OWASP provides a framework of recommendations that can be used as a benchmark to help identify vulnerabilities and risks in web applications.
mile2® helps merchants manage data security risks, evaluates the security of the systems that store payment account data, and assists them in achieving compliance with the PCI Data Security Standard (DSS) using state-of-the-art security tools and processes.
PCI requires organizations to monitor and test networks to find and fix vulnerabilities on a regular basis. mile2® can help merchants meet and exceed the following PCI requirements:
11.2 Run internal and external network vulnerability scans at least quarterly and after any significant change in the network.
11.3 Perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade or modification, including network- and application-layer penetration tests.
6.6 For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by either of the two methods the requirement specifies.
At the conclusion of the testing process, clients receive a mile2® SAR (Security Assessment Report), which contains the comprehensive information clients need to make the changes required to adhere to the compliance standard.
mile2® is licensed and insured with Darwin, an Allied World Assurance company, works in conjunction with GRC360, a PCI QSA*, and uses ASV tool #4268-01-03.