- IBM Certified Refurbished
- eCycling Services
- Networking
- Data Center Planning
PCI Remediation
Penetration Testing
Policy Review and Development
Project Management
Sarbanes-Oxley
SAS70 Preparation
Security Compliance
Security Review Training
Social Engineering Reviews
Training & Staff Augmentation
Vulnerability Assessment
ASV Scanning Solutions
QUARTERLY NETWORK SECURITY SCANS TO IDENTIFY NETWORK VULNERABILITIES
PCI DSS
Payment Card Industry (PCI) Data Security Standard (DSS) is a compilation of best practices that were created by the major credit card companies to protect their customers from increasing identity theft and security breaches. Any company that stores, processes and/or transmits cardholder data needs to maintain compliance with PCI requirements. Failure to comply with these standards may result in heavy fines, restrictions, or permanent expulsion from credit card acceptance companies.
Among validation requirements are an Annual onsite review by QSA (Qualified Security Assessor) and Quarterly network scan by ASV (Approved Scanning Vendor).
HOW CAN LIGHTHOUSE HELP?
Lighthouse Computer Services is a leading provider of global PCI compliance services. As one of approximately 50 select firms worldwide certified as a PCI Qualified Security Assessor (QSA), Lighthouse is highly trained to help merchants and service providers achieve full compliance with the PCI Data Security Standard.
Our ASV- and QSA-certified teams — made up of CISA-certified auditors, network engineers, and project managers — are information security experts. Lighthouse’s ASVs and QSAs are highly trained to conduct technologically complex security assessments and scanning services to help you:
- Ensure consistent and proper application of security measures and controls
- Reduce the risk of customer data being compromised
- Reduce the risk of online credit card fraud
- Identify and remediate vulnerabilities
Lighthouse ASV Scanning Solutions
All merchants and service providers with Internet-facing IP addresses, regardless of transactional volume, require a quarterly Network Security Scan performed by a PCI Approved Scanning Vendor.
During our security scan, Lighthouse performs comprehensive security testing for all of a customer’s active IP addresses. The ASV will identify computer or network vulnerabilities and configuration issues related to the following:
-
Routers
-
Firewalls
-
Web Servers
-
Application Servers
-
DNS Servers
-
Mail Servers
-
Virtual Hosts
-
Wireless Access Points
Lighthouse’s Network Security Scans also include penetration tests, which are simulations of real-world attacks against merchant systems in order to identify security weaknesses before they can be exploited by hackers.
PCI SCAN REPORTS
Based on the results of the PCI scan, the ASV produces a detailed report of their findings and recommendations for vulnerabilities. The scan report describes the type of vulnerability or risk, a diagnosis of the associated issues, and guidance on how to fix or patch the vulnerabilities. The report will assign a rating for vulnerabilities identified in the scan process.
To demonstrate compliance, a scan must not contain high-level vulnerabilities. High-level vulnerabilities are designated as level 3, 4, or 5. If a level 3, 4, or 5 vulnerability is found during a PCI Scan, the company will not receive a passing PCI Scan report.
Click here for the current list of ASVs recognized by the PCI Security Standards Council.
For more information or to schedule a no-cost initial consultation, please contact info@lighthousecs.com or call 401-334-0799.
