
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration Testing


PCI DSS (Payment Card Industry Data Security Standard)

• Requirements and guidelines to ensure credit card information is properly secured

• Hot topic due to recent large scale payment card data breaches

• Not only retailers are affected

• Any organization that takes credit card payments should be in compliance with the latest PCI guidance, PCI DSS 3.1

– Zoos

– Airlines

– Banks

– Etc.

PCI DSS Version 3.1

• Effective July 1, 2015

• Includes minor updates and clarifications

– Addresses vulnerabilities within the SSL encryption protocol that can put payment data at risk

• Requirements 11.3.1 and 11.3.2 encourage penetration testing annually or after any significant change to the IT environment

– Can include any upgrade or modification that could affect the security of cardholder data

– Aims to ensure that controls assumed to be in place continue to work effectively after updates

Where Companies Fail

“Compliance with the Payment Card Industry Data Security Standard continues to improve, but four out of five companies still fail at

interim assessment. This indicates that they’ve failed to sustain the security controls they put in place.”

Verizon 2015 PCI Compliance Report

• Find and fix your vulnerabilities before an attacker does

– Vulnerability scanning alone is not sufficient

– Penetration testing reduces false-positive results by discovering which weaknesses could actually result in an exploit

• Maintain the controls put in place for continued security

TraceSecurity PCI Penetration Testing

• Follows PCI guideline best-practice methodology, including:

– Engagement Interview

– Network Documentation Collection

– Network Scope

– Segmentation Checks

– Application and Network Testing

– Immediate Notification of Critical Risks and/or Encountering Cardholder Data

– Post-Engagement Retesting and Environment Clean-Up

• PCI test results are provided in an extensive report

TraceSecurity PCI Penetration Testing (cont’d)

• Better equips organizations to prevent cybersecurity attacks and maintain PCI compliance

• Since 2004, TraceSecurity has performed nearly 10,000 penetration tests

• Our information security analysts maintain certifications suggested by PCI guidelines that include, but are not limited to:

– Offensive Security Certified Professional (OSCP)

– Certified Ethical Hacker (CEH)

Educational Webinar and Blog

• Join TraceSecurity for a free webinar. Learn how you can protect your customers’ payment data and comply with new PCI standards.

– This webinar explores some of today’s most publicized card data breaches and discusses how organizations can effectively evaluate and test the security of both internal and external systems that are involved in the processing or protection of cardholder data to ensure they maintain PCI compliance.

• Read TraceSecurity's blog titled “TraceSecurity PCI Penetration Testing Meets PCI DSS 3.1.”
