Agiliance-On-Demand for Payment Card Industry (PCI) Assessment

Agiliance On-Demand delivers a powerful agent-less web-based application to deliver PCI assessments leveraging self-assessment capabilities supported by an eSurvey process. Agiliance On-Demand PCI is best suited for the burgeoning retail industry and the large number of merchants that must validate their compliance with PCI on an annual basis. Leading credit card issuers now require that all retailers and merchants that accept payment cards as payment for goods and/or services comply with the Payment Card Industry Data Security Standard (PCI DSS).

Challenges

With credit card fraud and identity theft on the rise, major credit card associations like Visa and MasterCard are requiring all levels of merchants to be certified compliant with PCI DSS. This poses more of a challenge for mid-tier businesses that may not have the resources to deploy a full compliance management application. Some of the issues these companies deal with are:

• PCI DSS fines of $500,000 per data security incident and $50,000 per day for non-compliance with published standards are enforced contractually or through sanctions.
• Merchants and service providers could be liable for fraud losses resulting from stolen account numbers as well as the cost of re-issuing cards to compromised customers.

As a result, financial, operational and IT executives for impacted companies want continuous visibility of their compliance process.

Solution

The Agiliance On-Demand PCI Solution provides businesses, in-store and online retailers, and service providers with an easy to deploy, cost-effective solution to ensure PCI compliance on an ongoing basis.

The Agiliance On-Demand PCI Solution delivers::

• Self-assessment with automated workflow using a robust web-based eSurvey capability
• The ability to monitor security tools and network defenses to ensure protection of cardholder information
• The means to consolidate PCI scans completed by a qualified scanning vendor
• Consolidated views, dashboards and compliance reports for auditors and issuing banks

The Agiliance On-Demand PCI Solution is particularly well-suited for small to mid-tier organizations looking to achieve PCI compliance. The PCI standard involves 160 specific requirements including Network Security, Data Encryption, Vulnerability Management, Access Control, Disaster Planning Policies, Physical Security and Personnel related processes. The Agiliance solution can combine eSurvey responses with information from security automation tools to deliver a more accurate top-down view of the organization’s risk posture.

Features

• Identify all assets that hold credit card information
• Apply controls based on PCI Data Security Standards to assets and identify risk
• Perform self-assessments using web-based eSurveys to identify how critical an asset is to maintaining the integrity and confidentiality of the data
• Attach evidence and test reports
• Measure compliance against policies
• Report compliance and document non-compliance
• Identify corrective actions and remedy non-compliance

Benefits

Agiliance enables organizations to effectively analyze and decrease security risk, and significantly reduce the cost of compliance with PCI standards. Agiliance On-Demand PCI Solution delivers the following benefits:

• Significantly increase the number of PCI Assessments completed
• Deliver comprehensive and accurate reports, dashboards and compliance reports to auditors and banks
• Merchants and retailers can now complete their own assessments and attach evidence as required
• Flexible billing process to allow sharing or allocation of compliance costs as needed
• Continuous visibility for larger companies that are responsible for PCI compliance for their smaller partners