PCI Security Standards DSS Approved Scanning Vendor

PCI DSS ASV Vulnerability Scans

Following a number of instances of hackers stealing cardholder information and using it to commit fraud, the major payment card providers, including Visa, MasterCard and American Express, have developed a number of industry-wide security standards that merchants must adhere to in order to process card transactions.

The Payment Card Industry Data Security Standard (PCI DSS) is focused on online transactions; however, it applies to any company that stores, processes or transmits cardholder data and consequently affects merchants with physical stores as well as banks, processors and service providers.

To comply fully with the PCI DSS an organisation must meet the following 12 key requirements:

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Use and regularly update anti-virus software
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security

Dionach is a PCI Approved Scanning Vendor (ASV) and is accredited to undertake PCI DSS Vulnerability Scans to fulfil requirement 11 of the Standard.

The outputs of a Dionach PCI DSS Vulnerability Scan are two reports: one an executive summary and the other a list of technical issues. Dionach will discuss any non-compliant issues with you, and determine whether a fix and retest are required or whether the issues are false positives. The aim is to ensure an efficient route to a passing quarterly scan report.

Contact us now for a free no-obligation initial consultation