Payment Card Industry (PCI) Compliance Services

We Calculate the Risks...then Eliminate Them

To better service the compliance and audit needs of our customers, Lighthouse Computer Services has established a strategic partnership with Compass IT Compliance, LLC. The members of Compass IT Compliance, LLC are highly experienced and certified, and the company’s managing partners were formerly senior consultants within the Lighthouse IT Compliance Group.

Compass stands ready to help you become PCI-compliant.

Approximately every ten seconds, someone is a victim of identity theft. And one of the most common forms of identity theft – credit card fraud – has reached near epidemic proportions. According to the Federal Trade Commission, 42% of identity theft cases involve credit card fraud.

To counter this problem, the five major credit card companies – American Express, Discover, JCB, MasterCard and Visa – teamed up to form the Payment Card Industry Security Standards Council (PCI SSC). As outlined by the council, all transaction and account information must be kept confidential and safe from hackers and other intruders. To enforce these requirements, the PCI Security Standards Council mandates that all merchants and service providers who store, process, or transmit payment card information be PCI-compliant. Compliance requirements include security management, policies, procedures, network architecture, software design and other critical protective measures to help ensure the safe handling of sensitive credit card information. Penalties for non-compliance include monetary fines and/or account suspension and termination.

Compass IT Compliance, LLC, already a leader in IT Compliance services throughout the Northeast U.S., is certified as a PCI Approved Scanning Vendor (ASV) and Qualified Security Assessor (QSA). Compass' expert consultants – all CISA-certified auditors, network engineers and project managers – stand ready to assist you with your PCI-related compliance needs.


The PCI Data Security Standard

In September 2006, the PCI SSC, put together by the five major card brands, created the Payment Card Industry Data Security Standard (PCI DSS) in order to secure credit card data in a globally consistent manner. As a result, merchants, processors, point-of-sale vendors and financial institutions must now meet rigid PCI standards when accepting credit card payments. These standards include requirements for security management, policies, procedures, network architecture, software design and other critical protective measures to help ensure the safe handling of sensitive credit card information.


Download the PCI Data Security Standard Self Assessment Questionnaire

How It Affects Your Business
All merchants and service providers who store, process, or transmit payment card information need to comply with the standards set by the Payment Card Industry. There are different validation requirements for merchants and service providers. For example, merchants are divided into different levels based on the number of transactions they process throughout a year. Credit card companies may enforce the terms of their contracts by imposing fines, restrictions, and/or sanctions against businesses that do not comply with PCI standards. There are a number of things organizations need to do to validate their PCI compliance, ranging from quarterly scans by an ASV and Self Assessment Questionnaires (SAQ) to an on-site audit, called a Report on Compliance (ROC), performed by a QSA.

The PCI Data Security Standard consists of 12 requirements:

1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security

How Compass Can Help Your Business

Compass' ASV- and QSA-certified teams are highly trained to help merchants and vendors evaluate the security of their credit card systems, and help them achieve compliance with the PCI Data Security Standard. 

Compass' status as a PCI-certified Qualified Security Assessor (QSA) allows us to perform the annual on-site PCI audit, called a Report on Compliance (ROC), for merchants and service providers. We can also help merchants and service providers prepare for assessments by first performing a Risk Assessment or Gap Analysis that identifies control weaknesses in their PCI environment. Additionally, Compass can provide consulting services to assist the client in completing a SAQ or remediating findings. As an Approved Scanning Vendor (ASV), Compass IT Compliance, LLC can conduct quarterly Network Security Scans for any merchant.

Compass also offers PCI Remediation Services in order to correct compliance issues discovered in a PCI Security Audit. Their professionals first create a comprehensive remediation roadmap – in which they tailor a plan to correct problems based on your current PCI compliance status – then implement the proper internal controls and tools required to move your company into full PCI compliance.

About Compass IT Compliance, LLC

Compass' dedicated team of IT Compliance Consultants – all Certified Information Systems Auditors (CISA), PCI ASVs, PCI QSAs, Certified Network Engineers and Certified Project Managers – have performed hundreds of IT Compliance projects across all industries, including the highly regulated banking and financial sectors. Their consultants are the best in the business, and have multiple certifications in industry practices and testing methodologies.

Compass IT Compliance is a trusted IT advisor to leading companies throughout the Northeast U.S., offering consulting, integration, and maintenance services on the latest hardware and software.

Using best-in-class technologies – including those from IBM, Microsoft, Enterasys, Tivoli, Symantec, NetApp, VMware, SEPATON, STORServer, Lotus, Acopia, APC, and Asempra – as well as a first-class Professional Services team, Compass is able to design and implement cutting-edge solutions for complex enterprise environments.

For more information, or to schedule a consultation, please visit Compass IT Compliance, LLC, or call Compass at 888-246-7594.
