If you operate an online business that accepts credit or debit cards, then you are probably familiar with the Payment Card Industry Data Security Standards (PCI DSS). We’ve discussed the benefits of PCI Compliance before, and it is crucial to ensure that your business becomes and remains in compliance with these requirements. As more and more transactions are carried out online, the retail landscape has created an ideal environment for savvy cyber criminals. By following the PCI DSS, you can provide the protection necessary for your customers’ financial security as well as your business’s reputation.
However, despite the benefits, many merchants still struggle with the certification process, leading to vulnerabilities for consumers. In order to stay one step ahead and navigate the potential PCI pitfalls, it is important to find a certified provider who can help walk you through the process as well as any follow up. Failing to meet these requirements or addressing security issues that may be discovered can not only result in heavy fines, but also damage to the overall integrity of your business.
With these factors in mind, McAfee SECURE has put together a PCI Certification Solution Brief to provide a more in depth break down of services available to eCommerce merchants.
Getting Started: PCI SAQ and Vulnerability Scanning
The first and most important steps toward achieving PCI compliance start by completing the annual Self Assessment Questionnaire and receiving quarterly vulnerability scanning. Depending on your business and how you choose to process card transactions, there are five different SAQs to choose from. Each poses specific questions to help you discover internal security practices and risks to your website, store, or back office.
Aside from submitting the SAQ, merchants must also work with a PCI-approved vendor (ASV) to complete an external evaluation of all internet connected points, including office networks, employee telecommuting connections, as well as permanent internet services like your website and email accounts.
While simple enough in practice, these two areas can cause merchants a lot of headaches. Identifying and completing the correct self-assessment form can be difficult for small to medium sized merchants who lack a dedicated compliance specialist or team. Using a subpar service can result in dangerous risks left unattended, like unencrypted forms and sensitive cookies. Additionally, once the vulnerability scans have been completed, merchants must then address any urgent weaknesses uncovered, which can often require the help of an outside security provider.
Our PCI Certification Service goes beyond the basics of PCI compliance validation, and offers merchants a step-by-step program to complete the requirements and maintain it in the long term.
- Approved vulnerability scanning service with expert remediation support
- SAQ completion wizard and tutorials
- Online service management portal
- Optional reporting dashboard though which merchant banks and payment processors can verify merchant compliance status
- No software or hardware to install
This service makes PCI compliance validation simple, with a dedicated network of support available to help merchants navigate the requirements and ensure that their business and customers will be protected. Some additional benefits include:
Ease of Use – Starting the process starts by simply enrolling your company’s domains and IP addresses online. You can then use the PCI SAQ wizard to select and complete the correct self-assessment questionnaire.
Additionally, launch on-demand scans as needed through the vulnerability management portal as well as view the results and access detailed remediation steps when weaknesses are discovered.
Comprehensive Vulnerability Knowledgebase – Comprehensive vulnerability scans are made possible by McAfee’s vast knowledgebase, which includes tests for more than 55,000 known vulnerabilities, and is continuously updated with the latest alerts and security events.
The PCI DSS are crucial to the foundation of any online business—not only for ensuring safe financial transactions but also for helping to build customer confidence. Becoming PCI complaint doesn’t need to be complicated, expensive, or frustrating, so before embarking on your PCI certification journey, explore the resources available to make the process easier.
To learn more about the McAfee PCI Certification Service, check out our full solution brief and be sure to visit the McAfee SECURE website to sign up for a free 90-day trial with access to the PCI wizard included.
Don’t forget to follow us on Twitter at @McAfeeSECURE for the latest in eCommerce news and events.