
Security Assurance

Published: Mon, 07/26/2010 - 10:00
By: admin

Like most companies, colleges and universities are utilizing credit card transactions as a means to do business, particularly for tuition and other student payments. It is convenient for the consumer and relatively cost effective for the organization. Unfortunately, the cost of “business as usual” is about to change.

Over the years, the payment card companies have footed the bill for credit card theft and fraudulent activity. Hackers were merely a nuisance to the overall bottom line. However, the hacker’s modus operandi has shifted from simple website defacements for bragging rights and “onesy twosy” identity thefts to organized crime syndicates profiting from data theft and black-market sales of cardholder data, all of which is costing the card companies millions each year. In response, the card companies are looking to transfer some of these costs to organizations that don’t have the minimum security baselines in place to protect cardholder data. Enter the Payment Card Industry Data Security Standard (PCI DSS).

What is PCI?

PCI DSS is a set of security standards created by Visa Inc., Discover Financial Services, JCB International, MasterCard Worldwide and American Express to help protect cardholders from the increasing number of identity theft and security incidents. There are 12 key security requirements; however, several steps need to be taken to meet compliance.

Who needs to comply?

All organizations that accept, process, transmit, or store credit card data. To date, the credit card issuers (Visa, MasterCard, etc.) have focused compliance enforcement on larger merchants and processors, even though the compliance deadline for companies has passed. Due to recent increases in identity theft incidents, the card issuers have moved to enforcing full compliance.

What are the compliance levels?

Level   Definition (# of Transactions Annually)   SAQ – Self Assessment Questionnaire   Network Security Scan by an ASV   On-Site Audit by QSA
1       More than 6 million                       N/A                                   Required Quarterly                Required Annually
2       1 to 6 million                            Required Annually                     Required Quarterly                N/A
3       20,000 to 1 million                       Required Annually                     Required Quarterly                N/A
4       All others                                Required Annually                     Required Quarterly                N/A

Penalties for noncompliance are steep

Penalties for noncompliance can include a hold on your ability to accept credit card payments, increased scrutiny for the following year, fines ranging from $10,000 to $500,000, and potential legal liability from affected cardholders.

How can Farlega help?

We are a PCI Approved Scanning Vendor (ASV), and our team can help you determine your compliance level, walk you through the Self Assessment Questionnaire (SAQ), and/or complete the quarterly network security scans. Our PCI DSS services include:

PCI Health Check

Network Security Scans – from an Approved Scanning Vendor

Penetration Testing (Internal & External) – manual & automated

Web Application Testing – manual & automated

Wireless Security Testing – manual & automated

Please contact us to determine which cardholder data protection requirements apply to your institution.