We offer full compliance support for the Payment Card Industry Data Security Standard (PCI DSS).

The Payment Card Industry Data Security Standard was formulated by five multinational financial services corporations (JCB, American Express, Discover, MasterCard, and VISA) to protect the payment transaction data of the cardholders of franchise and settlement agencies.

PCI DSS is believed to demand the highest degree of compliance and operation and is the most profound and strict of the many security standards. By following its criteria, you can prevent severe damage such as information leakage. It is formulated by the PCI Security Standards Council (PCI SSC), and companies that “save, evaluate and send” credit card data (banks, card franchises, and settlement agencies) are required to follow it.

The Revised Installment Sales Act, enforced in June 2018, mandated that companies holding credit card data strengthen their security measures. If they are unable to conform to the standard, they are required to terminate their retention of credit card data.

Description

We provide the “PCI DSS Compliance Support Service” for companies seeking or considering the security level of PCI DSS. This service provides support in policy management, preparation of Self-Assessment Questionnaires (SAQ), and examinations in the presence of inspectors.

Service Procedure

For termination of credit card data

  1. Consideration of measures (use of settlement agencies, third parties, BPO operator, etc.)
  2. Implementation
  3. Credit card information research and data removal

 

For PCI DSS Compliance (SAQ, Qualified Security Assessor)

  1. Consideration of PCI DSS compliance scope
    Identification and refinement of tasks related to credit card information
    Identification of the systems that save, send, and evaluate credit card data
  2. Fit and gap analysis
    Clarification of the differences between the current system status and PCI DSS requirements
  3. Planning
    Design of the significant measures needed for PCI DSS compliance
  4. Implementation
    Documentation (policy, process, and records), execution of system requirements, routine operation based on planned measures
  5. Inspection support
    Preparation of the SAQ
    Preparation for the QSA inspection
    Examination meeting

 

Features

We provide network scans, penetration tests and web application scans based on the 12 requirements of PCI DSS.

1. Other PCI DSS related services

  • Web application vulnerability assessment
  • Wi-Fi scan
  • Penetration test
  • ASV scan
  • Network vulnerability assessment
  • Segmentation test

2. Achievements

  • A megabank-affiliated credit card company
    Summary: Wi-Fi scan, external and internal vulnerability assessment, web application scan, penetration test, segmentation test
  • A settlement agency
    Summary: web application scan, penetration test, segmentation test

 

Remote assessment

  • Open system
  • Closed system
  • Onsite Assessment

 

Our Approach