Is your organization meeting the PCI DSS v3.2 requirements for quarterly and annual testing?

What is PCI DSS?

PCI DSS is the Payment Card Industry Data Security Standard. It is used to establish a security baseline for merchants who process, store or transmit payment card data. If you accept credit cards, PCI DSS applies to you.

Are there consequences for failing to maintain PCI Compliance?

The short answer is yes.  In a 2014 article, Forbes listed seven consequences merchants can expect for failing to maintain PCI Compliance that included compensation costs, bank fines, legal actions to name a few.  We have seen an increasing number of organizations who are unaware of or who misunderstand the new requirements in PCI DSS version 3.2. Many of these organizations verify their PCI DSS compliance via self-assessment (SAQ) and, until there’s a problem (like a breach), are blissfully unaware of that they are not compliant. 

As a merchant, what am I required to do?

Starting with PCI DSS Version 3.2, merchants are required to do internal testing in addition to the external testing performed by the QSA / ASV in prior versions. Specifically, PCI DSS v3.2 requires merchants to identify all authorized an unauthorized access points on a quarterly basis (Requirement 11.1), perform quarterly internal vulnerability scans (Requirement 11.2.1) and perform internal penetration testing at least annually and after any significant change or application upgrade (Requirement 11.3.2).

How Can Piratica Help?

Piratica offers a simple, unobtrusive, cost effective scanning option that meets or exceeds PCI DSS v3.2 requirements. We ship you an appliance with a network and power cable. You connect our appliance to a standard power outlet and your local network. The device establishes a secure connection back to Piratica. We run the scans and send a confirmation email to you when they’re finished. Pack the appliance, power cable and network cable back in the box and ship it back using the pre-paid shipping label and that’s it. We will process the scans and provide you with a report noting any deficiencies found. If the initial scan is non-compliant, we will also provide a follow-up scan within 30 days at no additional charge, you just pay shipping.

How much does it cost?

Our PCI DSS Quarterly Scanning option includes a vulnerability scan as well as a scan of the wireless access points in range of our appliance. Customers who take advantage of four consecutive quarterly scans also qualify for a 20% discount off of an annual PCI DSS penetration test (Requirement 11.3.2).

How can I get Started?

If you would like more information about our PCI DSS Quarterly scanning or Annual Penetration Test options, Contact Us.

Additional Information

Leave a Reply