PCI Services

Compliance does not guarantee security. Smart security can lower operations costs.

We help small and large retailers navigate the complexities of PCI, find the most cost-effective means to achieve and maintain PCI compliance, and secure their earnings and reputation.

Statistics from the Verizon 2015 PCI Compliance Report:

  • Inadequately tested the security of all in-scope systems: 67%
  • Breaches over the last three years involving POS intrusion: 31%
  • Consumers that would prefer not to shop at a breached retailer: 69%


PCI Services Enhanced with the Adversary's Perspective

Managed PCI

A certified QSA helps you direct and execute a one-year, three-phase program to establish and maintain PCI compliant operations.

PCI Risk Assessment

A certified QSA determines your potential exposure to fines from PCI non-compliance and/or plausible security breaches.

Source Code Review

An ethical device hacker conducts an independent security assessment of custom software that falls within PCI scope, providing a prioritized report ready for submission.

Penetration Test

Professional enterprise ethical hackers conduct the PCI-mandated annual penetration test, culminating in a prioritized findings report.

Incident Response Test

As an optional addition to a penetration test, ethical hackers assess an organization's policies, processes, technologies, and personnel in detecting and responding to simulated cyber attacks.

Web Application Security Assessment

Ethical hackers assess and report on the security posture of PCI-relevant web applications.

Security Awareness Training

Satisfies the PCI annual requirement for preparing end users within your organization for frequent attack scenarios targeting PCI data.

Vulnerability Scan

A professional enterprise ethical hacker conducts the PCI-required network scans, providing a prioritized report that is ready for signature and submission.

Firewall & Router Configuration Review

A cybersecurity expert assesses PCI-relevant network devices for compliance and for network security readiness against plausible cyber attacks.

Managed PCI is a one-year, three-phase program:

A certified QSA from Tangible Security leads the engagement. Complying with roughly 900 points of compliance is not merely a one-time checklist exercise, particularly if an organization wants to do so cost-effectively both up front and over time.

Phase I

  • One to two months
  • Onsite gap assessment (typically 2 - 3 days)
  • Penetration Test
  • Formulate remediation plan/roadmap

Phase II

  • Monthly subscription (typically 4 hours per month) whereby a Certified QSA virtually joins your organization, assisting with planning and execution of your remediation plan
  • Bi-weekly one-hour project team meetings
  • Certified QSA executes various tasks as needed
  • When non-compliance issues are fixed, efforts shift towards instituting and maintaining efficient and cost-effective PCI compliant operations

Phase III

  • Final Assessment and Report of Compliance
  • On rare occasions, after an unpredictable change somewhere, a non-compliance issue surfaces, whereby the certified QSA works with you for up to 45 days to correct it, applies for an extension, and/or issues a report of non-compliance