
PCI DSS

PCI DSS requires businesses to undergo a penetration test at least annually, and upon system upgrades or any major infrastructure or code changes.


Overview

Payment Card Industry Data Security Standard, better known as PCI DSS, is set up and enforced by the PCI Council, consisting of the American Express, Visa, Mastercard, JCB and Discover organisations.

This standard defines a set of requirements designed for organisations that accept or process credit card payments, in order to protect customer card data. If a business is involved in credit card payments, whether online, over the phone or using PoS, PCI DSS applies to the business.

In order to be compliant, apart from audit requirements, a technical PCI DSS audit must be done at least annually and should cover areas such as data protection, authentication, access management and encryption.

Defendza can help your business to implement and validate controls required to adhere to PCI DSS requirements detailed below. 

PCI DSS Requirements

Whether your business falls under self-assessment or third-party audit, it is mandatory to adhere to six key objectives with a total of 12 requirements, as listed in the PCI DSS 3.2 guidance:

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security for all personnel

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data

Requirement 11: Regularly test security systems and processes

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need to know

Requirement 8: Identify and authenticate access to system components

Requirement 9: Restrict physical access to cardholder data

Maintain a Vulnerability Management Program

Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs

Requirement 6: Develop and maintain secure systems and applications

Protect Cardholder Data

Requirement 3: Protect stored cardholder data

Requirement 4: Encrypt transmission of cardholder data across open, public networks

Build and Maintain a Secure Network and Systems

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters


Defendza's PCI DSS Offerings

With strong experience and skill-set, Defendza have been helping businesses remain compliant by exceeding their expectations. Both our assessment and managed service offerings are available for no-obligation discussions to gain insight into your business objectives and the compliance requirements. Our PCI DSS services include:

Vulnerability Assessments


Managed Security

Defendza's Managed Security Service will equip you with a continuous outlook on your attack surface by minimising costs and maximising efficiency....

Firewall Configuration and Rules Review

A firewall is the first line of defence against online attacks, making it a critical part of your network security strategy.

External Network Penetration Testing

Network level services exposed to the Internet, if exploited, could allow easy entry to a threat actor within your network. 

Web Application Security Testing

A secure web application forms the basis of any business trading on the Internet. Without security in mind, applications are a treat for o...

Internal Penetration Testing

Our consultants would review the security posture of your internal network, targeting user workstations and business-critical servers

Testimonials

"My experience to date with Defendza has been very positive, I look for a flexible, knowledgeable security "partner" when I engage a PT firm. Pentest means many things to many people and there are many different use cases for both the testing activity and the report generated and I need someone to work with me to get the absolute best value out of my security budget."

Information Security Officer
Insurance Group

"Excellent people to work with. Very good knowledge of requirement and give us correct findings with excellent remedy to improve our security for our B2B portal site."

Head of Technical & Business Improvement
Leading Pharmaceutical Manufacturer

"I thought it was a highly professional and thorough exercise and I would have no hesitation recommending Defendza to any of my connections."

Director, Software Engineering
Global Information and Analytics Company

"Good personal service. We are delighted with the work Defendza did for us. Highly recommended."

CTO
Manchester headquartered Global Fashion Brand

"Extremely satisfied with approach, speed and end results. Thanks."

COO
International fashion label and store

"My experience of the Defendza team was 5 star. They were so helpful, and their technical delivery and client communication were excellent."

Director, Software Development
Corporate Services Company