PCI DSS Compliance services
Coolcat Inc is a PCI Council Approved Scanning Vendor (ASV), which certifies us to help merchants achieve compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). Coolcat Inc's Professional Services staff can perform an independent scan and produce the certified document for your records. Coolcat Inc consultants can also assist with the completion of your PCI DSS Self-assessment Questionnaire, which solicits information about the internal security practices of your business, both on the Web and on your internal network.
Coolcat Inc PCI Compliance services include:
- PCI compliance audit report and automated scans on a quarterly, scheduled basis.
- Coolcat Inc Remediation Plan and Report with detailed step-by-step instructions for vulnerability remediation to attain full PCI compliance.
- Coolcat Inc PCI Professional Services Review.
- Coolcat Inc PCI Assessment Checklist completion for PCI certification.
What is PCI DSS Compliance?
PCI DSS is a worldwide standard endorsed by Visa, Cardholder Information Security Program (CISP), MasterCard, Discover, Diners Club, and American Express and is designed to respond to the rising number of incidents of stolen cardholder account data. The goal of PCI DSS is simple: protect cardholder account data. The stark reality for the merchant is that the due diligence required to meet this standard is far from simple. To prepare for a PCI DSS compliance audit, merchants must test, remedy, retest, and document their final compliance findings addressing the twelve requirements of PCI DSS.
At a broad-brush level, the PCI DSS encompasses requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. The requirements scale based on the number of annual transactions. For example, Level 1 is the highest level. Level 1 merchants process more than six million transactions annually and typically conduct an annual audit using an independent Qualified Security Assessor (QSA). Levels 2 through 4 include merchants that usually use the PCI DSS Self-assessment Questionnaire for their annual audit.
At all levels, merchants and service providers contract with a PCI Approved Scanning Vendor (ASV) to conduct vulnerability scans of any of their networks that transmit, process, or store cardholder data. In addition, to prepare for an annual PCI compliance audit, many merchants engage an external security assessment team to perform annual internal and external penetration tests as part of their vulnerability plan mandated by PCI DSS Requirement 11.
Who is required to meet the PCI security standard?
All entities that accept credit or debit card payments, or that collect, process or store credit card transaction information, regardless of transaction volume, are required to be in PCI compliance. Failure to meet the security standard may result in substantial fines or permanent expulsion from card acceptance programs.
All merchant banks are also required to receive certified proof of PCI compliance from companies that process more than 20,000 credit card transactions per year or be liable and fined themselves. Many merchant banks are beginning to require that all businesses accepting credit card transactions produce this certification of PCI compliance.
What is needed to meet the PCI standard?
There are two basic steps required to meet the standard:
- Pass quarterly vulnerability scans conducted by a PCI Council "qualified independent scan vendor". Coolcat PCI Compliance and our Professional Services resources can provide this independent scan and produce the certified document for your records.
- Complete a security self-assessment questionnaire that asks you about your internal security practices, both on the Web and on your internal network. Coolcat Inc can assist with the completion of this questionnaire.



