If your organisation accepts credit card payments online, security
Being non-compliant at the time of a breach
What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a complex set of rules and requirements developed to ensure that all companies that process, store or transmit credit card information maintain a completely secure environment.
Scope of the service
Shearwater’s PCI Assessment Suite takes the complexity out of the PCI DSS requirements relating to Vulnerability Assessment and Penetration Testing. We will guide you through any complex scoping issues to ensure you continually comply with the following requirements:
11.1 PCI DSS Requirement
Test for the presence of wireless access points, and detect unauthorised wireless access points on a quarterly basis. Typical methods are wireless network scans, physical/logical inspections of system components and infrastructure, network access control (NAC), and wireless IDS/IPS.
11.2 PCI DSS Requirement
Run internal and external network vulnerability scans at least quarterly and after any significant change in the network. After passing a scan for initial PCI DSS compliance, an entity must, in subsequent years, pass four consecutive quarterly scans as a requirement for compliance. Quarterly external scans must be performed by an Approved Scanning Vendor (ASV). Scans conducted after network changes may be performed by internal staff.