PSC is qualified globally as:
The PCI DSS aligns the Visa International Account Information Security (AIS) program, the Visa USA Cardholder Information Security Program (CISP), the MasterCard Site Data Protection (SDP) program, the American Express Data Security Operating Policy (DSOP) and the Discover Information Security and Compliance (DISC) program, streamlining requirements, compliance criteria and validation processes.
All Merchants, Financial Institutions, Processors, and Service Providers that store, process, or transmit cardholder data must be PCI compliant.
The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and ensure their payment applications support compliance with the PCI Data Security Standard (PCI DSS).
The PCI Security Standards Council has released new assessment standards relating to hardware-based point-to-point encryption (P2PE) services. These services, provided by acquiring processors and payment gateways, utilize PCI Point of Interaction (POI) validated terminals to provide encryption of cardholder data from the retail establishment through to the acquirer. By implementing one of these solutions, a merchant may reduce the scope of their PCI DSS assessments and significantly reduce the risk of compromise of cardholder data.
The purpose of penetration testing is to footprint, enumerate and potentially exploit vulnerabilities in web application(s) and network infrastructure using automated tools and manual mechanisms, above and beyond what simple automated scanning tools can achieve.
Network and application penetration tests are different from vulnerability scans in that penetration tests are more manual. They attempt to actually exploit some of the vulnerabilities identified in scans, and follow practices used by hackers to take advantage of weak security systems or processes.
Security scans assist in the identification of vulnerabilities and misconfigurations in web sites, applications, and information technology (IT) infrastructures with Internet-facing IPs.
Various audits are required by payment networks and brands to validate proper PIN security and key management practices. These audits include Visa’s PIN audit and the TR-39 (TG-3) audit utilized by NYCE, PULSE and STAR. All entities handling PINs or cryptographic keys used in PIN processing must complete a PCI PIN / TR-39 (TG-3) Assessment and provide reporting of compliance to the appropriate networks.
PSC provides customers desiring compliance with the Experian Independent 3rd Party Assessment (EI3PA) with a Report on Compliance (ROC) and an EI3PA certification. An EI3PA assessment evaluates an Experian Reseller’s ability to protect the information purchased from Experian.