TSC New PCI DSS Compliance Service for Small Business Provides Both Payment Card Protection and Full IT Security Simultaneously


Provides an Affordable Method for Smaller Merchants to Implement IT Security Best Practices To Protect Both Credit Card Data And The Organization's Enterprise


The Security Consortium (TSC), a leading IT security testing, research and counsel services organization, today announced a new PCI DSS service specifically designed to make compliance affordable and easier to attain for smaller merchants. A common misconception is that all merchants must go through a very expensive and complex process to attain compliance. However, any merchant that processes fewer than six million transactions a year may only have to perform an internal assessment to qualify as compliant. TSC's new offering includes both a PCI DSS internal assessment and an overall IT security review, enabling companies to stretch their budget to cover all of their security needs in one engagement.

"Understanding and implementing the 12 requirements of PCI DSS can seem daunting, especially for merchants without security or an IT department," said Mark Kadrich, CEO of The Security Consortium. "We can offer more value to smaller organizations while enabling them to avoid the very expensive and complex route of hiring a PCI Qualified Security Assessor (QSA) to perform an audit. TSC can offer the high level of expertise needed to get through the process at a fraction of the cost."

The TSC internal small business assessment program includes:

  • PCI DSS Program - a broad overview of the payment card industry, payment transaction flows and payment brand compliance programs.
  • PCI DSS Assessment - cardholder data discovery, including cardholder data flow and cardholder data storage; network segmentation and scope definition.
  • PCI DSS Requirements - interpretation of the requirements, testing procedures and how to apply the testing procedures based on the scope of the assessment.
  • Controls - recommendation of acceptable controls that need to be in place to ensure ongoing PCI DSS compliance.
  • Overall Corporate Security - a detailed review of the organization's current security posture with suggested remediation plans.

Security for small businesses is more critical than ever, as evidenced by a recent survey that found 65 percent of small businesses store customer data, 43 percent store financial records, 33 percent store credit card information, and 20 percent have intellectual property and other sensitive corporate content online. However, 86 percent of these firms do not have personnel who can focus on IT security. TSC's new service enables small businesses to affordably improve their corporate performance and revenue production with the leading IT security technologies in the industry.

PCI DSS compliance in particular has become even more critical as states have passed laws that enable issuing banks to charge the merchant the costs of reissuing credit cards after a breach. It is not necessary for an organization to physically reside in the state that passed the law: if the merchant sells products or services to any residents of that state, it falls under the purview of the new law.

In addition to damaging the company's reputation and brand, other non-compliance risks are the PCI-related fines, which can be as high as $500,000 per incident. Merchant remediation costs are also estimated to be between $90 and $302 per record. In severe cases, merchants can even be given the 'Death Penalty,' preventing them from accepting credit cards at all. However, merchants that are in compliance at the time of a breach are protected under 'safe harbor' provisions that absolve the organization from many of these penalties and fines, enabling the organization to quickly recover its ability to operate effectively without being crippled by the massive repercussions that can occur.

TSC's service helps merchants navigate the subtle nuances of PCI DSS issues such as addressing policies and procedures for cardholder transactions and data processing. Each business must protect cardholder data when it is received and when chargebacks or refunds are processed. In addition, even if a small business chooses to outsource its PCI DSS compliance, the company must still ensure that the provider's applications and card payment terminals comply with the respective PCI standards and do not store sensitive cardholder data. Merchants with phone sales and/or walk-in traffic have additional PCI requirements that need to be implemented as well.

TSC's PCI DSS internal security assessment service will systematically check the network and applications for required practices. TSC offers a wide variety of systems expertise, including directory and user-level authentication services, network operating systems, LAN infrastructure, and desktop and mobile devices. The result is a fully documented security posture with controls that demonstrate verified compliance with PCI DSS. Other regulations such as HIPAA, Sarbanes-Oxley or the Red Flag Rules can be included in the service as well. TSC's expertise and business focus mean security audits can provide double value, helping identify performance issues and fine-tune network and system resources.

PCI DSS is a multifaceted security standard developed as a collaborative effort among Visa®, MasterCard®, American Express®, Diners Club®, Discover®, and JCB USA®, as well as many major merchants. It applies to any organization that stores, processes or transmits cardholder data and extends to all system components. The PCI Data Security Standard and its supporting documents represent a common set of industry tools and measurements to help ensure the safe handling of sensitive information. The standard provides an actionable framework for developing a robust account data security process, including preventing, detecting and reacting to security incidents.

About The Security Consortium
Design, testing, counsel and leadership services from The Security Consortium (TSC) provide companies with the ability to balance the need for security with business objectives. TSC brings together design, network and product expertise with testing and process feedback to create competitive advantage for companies. By focusing on overall business results instead of narrow test requirements, TSC helps companies improve the processes used to create, purchase, and operate security products resulting in a lower TCO, better quality and usability, fewer security vulnerabilities and more successful business operations. TSC is a privately held company, founded in 2007 and based in San Jose, California. For more information, visit us at http://www.thesecurityconsortium.net.

Contact: Robin Lutchansky