
The 12 requirements as defined by the Payment Card Industry Security Standards Council
  1. Install and maintain a firewall configuration to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored cardholder data.
  4. Encrypt transmission of cardholder data across open, public networks.
  5. Use and regularly update anti-virus software.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to cardholder data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security.

PCI Compliance Services Brochure
Approximately every ten seconds, someone is a victim of identity theft. And one of the most common forms of identity theft—credit card fraud—has reached near epidemic proportions. According to the Federal Trade Commission, 42% of identity theft cases involved credit card fraud, and research firm Financial Insights reports that credit card fraud cost businesses nearly $60 billion in 2005 alone.

To counter this enormous problem, the five major credit card companies—Discover, American Express, Visa, MasterCard and JCB—teamed up to form the Payment Card Industry (PCI) Security Standards Council in order to protect customers’ credit card data. As outlined by the council, any transaction or account information is required to be confidential and safe from hackers or other intruders. To enforce these requirements, the PCI Security Standards Council has mandated that all merchants and service providers who store, process, or transmit payment card information need to be PCI-compliant. Penalties for noncompliance include monetary fines, and/or account suspension and termination.

Lighthouse Computer Services, already a leader in IT Compliance services throughout the Northeast U.S., is now one of only approximately 50 firms worldwide certified as a PCI Approved Scanning Vendor (ASV) and Qualified Security Assessor (QSA). Lighthouse’s expert consultants—all CISA-certified auditors, network engineers and project managers—stand ready to assist you with your PCI-related compliance needs. To learn more about the benefits of our PCI Compliance offerings, including our PCI Remediation Services, please call the Lighthouse ComplianceLine at 860-228-5074.

THE PCI DATA SECURITY STANDARD

In September 2006, the five leading credit card companies—American Express, Discover, Visa, MasterCard and JCB—formed the Payment Card Industry (PCI) Data Security Standard in order to secure credit card data in a globally consistent manner. As a result, merchants, processors, point-of-sale vendors and financial institutions must now meet rigid PCI standards when accepting credit card payments. These standards include requirements for security management, policies, procedures, network architecture, software design and other critical protective measures to help ensure the safe handling of sensitive credit card information.

HOW DOES THIS AFFECT MY BUSINESS?

All merchants and service providers who store, process, or transmit payment card information need to comply with the standards set by the Payment Card Industry. There are different validation requirements for merchants and service providers. For example, merchants are divided into different levels based on the number of transactions they process throughout a year. Figure 1, below, shows those levels and their requirements.

Credit card companies may enforce the terms of their contracts by imposing fines, restrictions, and/or sanctions against businesses who do not comply with PCI standards.

HOW CAN LIGHTHOUSE HELP?

Lighthouse’s ASV- and QSA-certified teams are highly trained to help merchants and vendors evaluate the security of their credit card systems, and help them achieve compliance with the PCI Data Security Standard. As an Approved Scanning Vendor (ASV), Lighthouse can conduct quarterly Network Security Scans for any merchant. During these scans, Lighthouse performs vulnerability testing to identify technical vulnerabilities in merchants’ computers and networks, as well as weaknesses in policies and practices related to these systems. The Network Security Scans also include penetration tests, which are simulations of real-world attacks against merchant systems in order to identify security weaknesses before they can be exploited by hackers. Lighthouse's status as PCI-certified Qualified Security Assessors (QSA) allows us to perform annual onsite PCI Security Audits for merchants and service providers to document compliance with PCI. We can also help merchants and service providers prepare for assessments and remediate any problem areas.

ABOUT US

Lighthouse’s team of IT Compliance Consultants—composed of Certified Information Systems Auditors (CISA), PCI ASVs, PCI QSAs, Certified Network Engineers and Certified Project Managers—has performed dozens of IT Compliance projects across all industries, including the highly regulated banking and financial sectors. Our consultants are the best in the business, and hold multiple certifications in industry practices and testing methodologies. Lighthouse is a trusted IT services provider to over 200 leading companies throughout the Northeast U.S., offering consulting, integration and maintenance services on the latest hardware and software technologies.

For more information or to schedule a no-cost initial consultation, please contact info@lighthousecs.com or call 401-334-0799.
