PCI DSS Compliance

What is PCI DSS Compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is an information security framework intended to protect cardholder data (CHD).

Created in response to card payment processors' and issuers' concerns about data breaches, PCI DSS compliance entails a set of policies and procedures designed to prevent the misuse of cardholders' personal information.

Is PCI DSS Compliance mandatory in the UK?

While not a law, PCI DSS is a security standard with which all businesses handling card payments must comply. Given that the vast majority of businesses handle card payments, PCI DSS compliance is effectively mandatory. Failure to comply with PCI DSS can result in financial penalties, damage to your company's reputation and, in some cases, being forced to cease trading.

PCI DSS Compliance Levels

There are different compliance levels depending on how many transactions your UK business processes annually:

From an infrastructure perspective, what should I do?

Build and maintain a secure network
- Install and maintain a firewall configuration to protect data
- Do not use vendor-supplied defaults for system passwords and other security parameters

Protect cardholder data
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks

Implement strong access control measures
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data

Create a vulnerability management program
- Use and regularly update anti-virus software or programs
- Develop and maintain secure systems and applications

Monitor and test networks regularly
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes

Develop an information security policy
- Maintain a policy that addresses information security for employees and contractors

What are the steps to become PCI DSS compliant?

  1. Compliance Level
    You must identify your compliance level
  2. SAQ or ROC
    Level 2-4 Merchants - complete a Self-Assessment Questionnaire (SAQ)
    Level 1 Merchants - complete an annual Report on Compliance (ROC)
  3. AOC
    Complete a formal Attestation of Compliance (AOC)
  4. Network Scan
    Complete a quarterly network scan by an Approved Scanning Vendor (ASV)
  5. Submission
    Submit the documents

Proxar IT Consulting can assist your London-based or UK-based firm with becoming (or remaining) PCI DSS compliant through our network scans. Our external vulnerability scanning services identify security issues and weaknesses that attackers could exploit. For more information, please contact us.