Payment Card Industry (PCI) Data Security Standard Compliance

In response to security breaches at banks, merchants and processors, the card brands Visa USA, MasterCard International, American Express and Discover aligned their individual cardholder data protection programs to create the Payment Card Industry Data Security Standard (PCI DSS).


PCI Audit Requirements

The standard requires onsite audits by a third party for any merchant processing more than six million transactions per year, for all credit card processors and payment gateways, and for any service provider that stores, processes, or transmits more than 1,000,000 transactions annually. Merchants and service providers that do not comply with the security requirements are subject to penalties, such as being barred from participating in the card program and fines of up to US $500,000 per incident.

As a result, banks, retailers and credit card service providers must develop and implement enterprise-wide security programs that meet the PCI security and privacy requirements. To get there, many companies have deployed a wide array of point products that add layers of protection, but also add significant complexity and cost.

Despite substantial investments, most organizations still struggle to find a mechanism to define and enforce the right policies and controls to comply with PCI in a cost effective manner.


The Agiliance Solution

[Figure: Agiliance IT GRC 5-step process]

Agiliance enforces and monitors policies and controls across functional and geographical boundaries within an organization and improves compliance with the PCI standard in a cost-effective manner.


Agiliance's Key Capabilities:

  • Maintain a repository of all relevant assets (hardware, software, physical IT infrastructure, IT processes) that affect cardholder data. Asset information can either be imported from external systems or populated through asset discovery technology. The system supports a comprehensive asset data model to document relationships between assets, organizations, processes and people.
  • Use surveys to identify how critical an asset is to maintaining the integrity and confidentiality of cardholder data, and then assess its overall risk.
  • Maintain a library of controls by leveraging a popular framework such as ISO 17799/27001.
  • Provide an infrastructure for assessing compliance with controls:
    • Automate the process of distributing and collecting periodic surveys and self assessments to evaluate compliance
    • Integrate with monitoring tools, compare asset configuration against controls and policies to identify non-compliance on a continuous basis
  • Report on asset compliance scores – both for status purposes, as well as evidence of compliance for internal and external auditors.
  • Compute an asset's composite risk score from multiple criteria: the business impact of its impairment, its compliance with policies (security policies included), and its vulnerability as reported by external feeds. The risk score lets users prioritize which non-compliant assets to remediate first.
  • Trigger the remediation process.
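The two capabilities above that a practitioner most wants to see concretely are the continuous control check (comparing collected asset configuration against a control library) and the composite risk score that ranks non-compliant assets for remediation. The following Python is an added illustration, not Agiliance code and not a description of its scoring algorithm: the control identifiers, configuration keys, weights, sample assets and CVSS values are all constructed for the example. It treats a missing configuration value as a failed control, since absent evidence should never count as compliance.

```python
"""Constructed example: control checks over asset configuration plus a
composite risk score used to rank non-compliant assets for remediation.

Not Agiliance code. Control IDs are loosely modelled on PCI DSS requirement
numbers; keys, weights and sample data are hypothetical.
"""
from dataclasses import dataclass, field

# Hypothetical control library: control id -> (configuration key, predicate).
# Predicates (rather than equality) let "TLS 1.3" satisfy a "TLS >= 1.2" control.
CONTROLS = {
    "PCI-3.4":  ("pan_encrypted_at_rest", lambda v: v is True),
    "PCI-4.1":  ("tls_min_version",       lambda v: v in ("1.2", "1.3")),
    "PCI-8.3":  ("mfa_for_admin",         lambda v: v is True),
    "PCI-10.2": ("audit_logging",         lambda v: v is True),
}


@dataclass
class Asset:
    name: str
    business_impact: int          # 1 (low) .. 5 (critical), from a survey
    config: dict                  # as collected by a monitoring/discovery tool
    max_cvss: float = 0.0         # highest CVSS base score from an external feed
    failed_controls: list = field(default_factory=list)


def check_controls(asset: Asset) -> float:
    """Compare the asset's configuration against every control.

    A key that is absent from the collected configuration is scored as a
    failure: no evidence is not the same as compliance. Returns the fraction
    of controls satisfied, in [0, 1], and records the failed control ids.
    """
    asset.failed_controls = [
        cid for cid, (key, ok) in CONTROLS.items()
        if not ok(asset.config.get(key))
    ]
    return 1.0 - len(asset.failed_controls) / len(CONTROLS)


def composite_risk(asset: Asset, w_impact=0.4, w_compliance=0.35, w_vuln=0.25) -> float:
    """Weighted combination of business impact, non-compliance and vulnerability.

    Each input is normalised to [0, 1] first; the weights are illustrative and
    should sum to 1 so the score itself stays in [0, 1].
    """
    noncompliance = 1.0 - check_controls(asset)
    impact = asset.business_impact / 5.0
    vuln = asset.max_cvss / 10.0
    return w_impact * impact + w_compliance * noncompliance + w_vuln * vuln


def prioritize(assets, only_noncompliant=True):
    """Rank assets by composite risk, highest first.

    By default only assets with at least one failed control are returned,
    which is the remediation queue; pass only_noncompliant=False to see how a
    fully compliant but highly vulnerable asset still ranks.
    """
    scored = [(composite_risk(a), a) for a in assets]
    scored.sort(key=lambda t: t[0], reverse=True)
    return [(a.name, round(s, 4), list(a.failed_controls)) for s, a in scored
            if a.failed_controls or not only_noncompliant]


# Constructed sample inventory (hypothetical names and values).
SAMPLE_ASSETS = [
    Asset("pos-gateway-01", 5,
          {"pan_encrypted_at_rest": True, "tls_min_version": "1.0",
           "mfa_for_admin": True, "audit_logging": True}, max_cvss=9.8),
    Asset("db-cardholder-02", 5,
          {"pan_encrypted_at_rest": True, "tls_min_version": "1.3",
           "mfa_for_admin": True, "audit_logging": True}, max_cvss=7.5),
    Asset("hr-wiki", 2,
          {"pan_encrypted_at_rest": True, "tls_min_version": "1.2",
           "mfa_for_admin": False, "audit_logging": False}, max_cvss=5.3),
    # Monitoring never reported the MFA setting for this host: counts as a failure.
    Asset("legacy-kiosk", 3,
          {"pan_encrypted_at_rest": True, "tls_min_version": "1.2",
           "audit_logging": True}, max_cvss=0.0),
]

if __name__ == "__main__":
    for name, score, failed in prioritize(SAMPLE_ASSETS):
        print(f"{name:18} risk={score:.4f} failed={failed}")
```

Two design points carry over to a real deployment: a control check that cannot find its evidence must fail rather than pass silently, and the weighting should be reviewed with the business owners, since the vulnerability term alone can push a compliant asset above a non-compliant one.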