PCI Compliance Software

Confidential and sensitive information is at greater risk than ever, and credit and debit card data is among the most frequently targeted by attackers, so it needs to be protected. Promisec offers PCI Compliance Software that helps organizations meet the security standards that protect credit and debit card holders' information from security breaches.

What is PCI DSS Compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements intended to safeguard credit and debit cards. The PCI Security Standards Council, an organization created by the major credit card brands (Visa, MasterCard, American Express, Discover and JCB International), created the PCI DSS standard after a series of very public security breaches. Most if not all banks and other organizations that manage financial transactions — including businesses, government agencies and institutions — have adopted the PCI DSS as a normal course of business practice to ensure security conditions are met for systems that manage credit and debit card transactions. Compliance with PCI DSS requirements reduces the likelihood of identity theft and other forms of fraud. PCI DSS V.3.1 is the current version of the standard, taking effect in 2015.

How Is PCI Enforced?

It is a common misconception that PCI DSS compliance is a regulated standard or is enforced by a government regulatory commission or body. On the contrary, PCI is completely optional at this point. However, this optional nature does not mean it is unimportant. While no government regulation would be violated by non-compliance, it would be all but impossible to operate a business that processes or accepts credit or debit cards, since the banks or card brands you accept would almost certainly require PCI compliance as a condition of their contract to process transactions. As an example, if you had an online store that accepted VISA payments, VISA would require you to ensure that your online processor (you or a third-party processor) complies with PCI DSS V.3.1. If you were found to be non-compliant, you might be fined or have your merchant processing suspended or, worse, terminated. While there is no PCI police, rest assured that the last thing you want during a breach is to have to prove to your bank that you are PCI compliant. The moral of the story: get PCI DSS compliance assurance before any signs of compromise surface.

PCI DSS standard structure

PCI DSS has the typical structure of a technical standard: it defines common terminology, provides guidelines for implementing the standard and then describes the technical requirements organizations must adhere to. PCI DSS v.3.0 has six major security control areas, with 12 top-level requirements directly under those six areas and hundreds of detailed technical requirements in a hierarchy under the top-level requirements. It is important to note that the scope of PCI compliance depends on what you can reasonably be held accountable for. As an example, if you are a merchant that does not process, store, have access to or directly transmit cardholder data, then you would likely not be required to be completely PCI compliant yourself but rather only with a subset of the requirements; however, you would still need to account for full compliance by any outsourcer or third party that processes cardholder data on your behalf.

How does Promisec help me with PCI-DSS Compliance?

The standard comprises the following 12 requirements:

PCI DSS 3.1 Requirement and Solution

1. Install and Maintain a Firewall Configuration to Protect Cardholder Data
1.4 - Promisec verifies that all firewalls are active, configured to organizational standards and not alterable by employees.

2. Do not use vendor-supplied defaults for system passwords and other security parameters
2.2 - Promisec can enforce a golden image based on a CIS, NIST or SANS policy or standard. This allows customers to quickly determine which endpoints are exceptions to the golden image definition and then correct the misconfiguration.
2.4 - Promisec can identify all hardware and software components installed on a network, and allows custom definitions to be included in inventory listings.

5. Protect all systems against malware and regularly update anti-virus software or programs
5.1 - Promisec can verify that anti-virus software is installed on all PCs, laptops and servers and is fully operational and running. Promisec can remediate inoperative AV solutions, and can also identify malicious applications that are running or installed.
5.2 - Promisec can verify that anti-virus software is current and actively running.

6. Develop and maintain secure systems and applications
6.1 - Promisec can determine the software installed on a system, then determine the list of vulnerabilities for that software and the risk scores of those vulnerabilities based on the accepted CVSS standard. Furthermore, Promisec can determine which systems do not have the current security patches installed.

7. Restrict access to cardholder data by business need to know
7.1 - Promisec can validate the specific users and local policies in effect on each endpoint and determine deviations from a global group policy. Promisec can then enforce any changes the customer requires.

10. Track and monitor all access to network resources and cardholder data
10.5.5 - Promisec can perform file integrity monitoring (FIM) on any defined data set in the file system. In the case of logs, it can determine when they change and who changed them. When a change occurs, it can raise a security event alert.
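To make the "golden image" idea in 2.2 (and the per-endpoint policy deviation check in 7.1) concrete, here is an added example of a drift check that compares each endpoint's observed settings against a hardening baseline and lists only the exceptions. This is illustrative code written for this page, not Promisec's product code; the baseline rules, setting names and endpoint readings are all constructed placeholders rather than real CIS, NIST or SANS benchmark identifiers.

```python
"""Golden-image drift check: which endpoints deviate from a hardening baseline.

Added example, not Promisec's code. Baseline rules, setting names and the
fleet readings below are constructed for illustration only.
"""
from typing import Any, Dict, List, Tuple

# A rule is (operator, expected): 'eq' exact match, 'ge' at least,
# 'le' at most, 'in' one of an allowed set. A missing setting is always an
# exception, because "not reported" is not evidence of compliance.
Rule = Tuple[str, Any]

GOLDEN_IMAGE: Dict[str, Rule] = {          # constructed placeholder baseline
    "firewall.enabled": ("eq", True),
    "firewall.profile": ("in", {"domain", "private"}),
    "password.min_length": ("ge", 12),
    "screen_lock.timeout_s": ("le", 900),
    "remote_registry.enabled": ("eq", False),
    "antivirus.running": ("eq", True),
}


def satisfies(rule: Rule, value: Any) -> bool:
    """Evaluate one baseline rule against an observed value."""
    op, expected = rule
    if op == "eq":
        return value == expected
    if op == "ge":
        return isinstance(value, (int, float)) and value >= expected
    if op == "le":
        return isinstance(value, (int, float)) and value <= expected
    if op == "in":
        return value in expected
    raise ValueError(f"unknown operator {op!r}")


def exceptions(golden: Dict[str, Rule], observed: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Return every setting on one endpoint that misses the baseline."""
    found = []
    for setting, rule in golden.items():
        if setting not in observed:
            found.append({"setting": setting, "expected": rule, "observed": None})
        elif not satisfies(rule, observed[setting]):
            found.append({"setting": setting, "expected": rule,
                          "observed": observed[setting]})
    return found


def report(golden: Dict[str, Rule],
           fleet: Dict[str, Dict[str, Any]]) -> Dict[str, List[Dict[str, Any]]]:
    """Hostname -> its exceptions. Fully compliant hosts are omitted."""
    return {host: ex for host, cfg in fleet.items() if (ex := exceptions(golden, cfg))}


# Constructed fleet readings: pos-01 is compliant, pos-02 has several
# deviations, kiosk-07 has a long lock timeout and never reported one setting.
FLEET: Dict[str, Dict[str, Any]] = {
    "pos-01": {"firewall.enabled": True, "firewall.profile": "domain",
               "password.min_length": 14, "screen_lock.timeout_s": 600,
               "remote_registry.enabled": False, "antivirus.running": True},
    "pos-02": {"firewall.enabled": False, "firewall.profile": "public",
               "password.min_length": 8, "screen_lock.timeout_s": 600,
               "remote_registry.enabled": False, "antivirus.running": True},
    "kiosk-07": {"firewall.enabled": True, "firewall.profile": "private",
                 "password.min_length": 12, "screen_lock.timeout_s": 3600,
                 "antivirus.running": True},
}

if __name__ == "__main__":
    for host, ex in report(GOLDEN_IMAGE, FLEET).items():
        print(host)
        for e in ex:
            print(f"  {e['setting']}: expected {e['expected']}, observed {e['observed']!r}")
```

The output is the list of endpoints that are "exceptions to the golden image": the operator that produced each exception is kept in the record so the remediation step knows whether to set a value, raise a minimum or lower a maximum.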
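Requirement 10.5.5 is about change detection on logs, with a subtlety: logs are expected to grow, so a useful FIM on log files must distinguish new data being appended (normal) from existing data being altered, truncated or deleted (alert). The added example below, written for this page and not Promisec's code, builds a baseline of each monitored file's content hash, size, modification time and owner, then classifies later changes as appended, modified, removed or added. The "who" here is limited to what `os.stat()` exposes (the owner uid); the sample log files and the tampering scenario in `demo()` are constructed, using a temporary directory so the script runs offline.

```python
"""File integrity monitoring for log files that distinguishes append from tamper.

Added example, not Promisec's code. Files and the tampering scenario are
constructed in a temporary directory.
"""
import hashlib
import os
import tempfile
from typing import Dict, List


def hash_prefix(path: str, nbytes: int) -> str:
    """SHA-256 of the first nbytes of a file (the region the baseline covered)."""
    sha = hashlib.sha256()
    remaining = nbytes
    with open(path, "rb") as fh:
        while remaining > 0:
            chunk = fh.read(min(65536, remaining))
            if not chunk:
                break
            sha.update(chunk)
            remaining -= len(chunk)
    return sha.hexdigest()


def file_record(path: str) -> dict:
    """Baseline record: hash of the whole file plus size, mtime and owner uid."""
    st = os.stat(path)
    return {"sha256": hash_prefix(path, st.st_size), "size": st.st_size,
            "mtime": st.st_mtime, "uid": st.st_uid}


def snapshot(paths: List[str]) -> Dict[str, dict]:
    """Baseline every monitored path that currently exists."""
    return {p: file_record(p) for p in paths if os.path.isfile(p)}


def compare(baseline: Dict[str, dict], monitored: List[str]) -> List[dict]:
    """One event per deviation. Pure growth of a log is reported as 'appended',
    which a log-monitoring policy can treat as informational; anything that
    alters the bytes the baseline covered is 'modified' and should alert."""
    events = []
    for path in sorted(set(baseline) | set(monitored)):
        if path not in baseline:
            if os.path.isfile(path):
                events.append({"path": path, "change": "added", **file_record(path)})
            continue
        if not os.path.isfile(path):
            events.append({"path": path, "change": "removed"})
            continue
        base, st = baseline[path], os.stat(path)
        prefix_ok = st.st_size >= base["size"] and \
            hash_prefix(path, base["size"]) == base["sha256"]
        if not prefix_ok:
            change = "modified"          # existing log data altered or truncated
        elif st.st_size > base["size"]:
            change = "appended"          # new data only; baseline bytes intact
        else:
            continue                     # unchanged
        events.append({"path": path, "change": change, "mtime": st.st_mtime,
                       "uid": st.st_uid, "size": st.st_size})
    return events


def demo() -> List[dict]:
    """Constructed scenario: one log appended to, one deleted, one rewritten,
    one unexpected file planted. Returns the events compare() produced."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("app.log", "auth.log", "pos.log")]
        for p in paths:
            with open(p, "w") as fh:
                fh.write("2024-01-01T00:00:00Z constructed sample log line\n")
        baseline = snapshot(paths)
        with open(paths[1], "a") as fh:                 # auth.log: normal growth
            fh.write("2024-01-01T00:00:05Z constructed login event\n")
        os.remove(paths[0])                             # app.log: deleted
        with open(paths[2], "w") as fh:                 # pos.log: history rewritten
            fh.write("2024-01-01T00:00:00Z altered line\n")
        extra = os.path.join(d, "extra.log")            # unexpected new file
        with open(extra, "w") as fh:
            fh.write("constructed\n")
        return compare(baseline, paths + [extra])


if __name__ == "__main__":
    for e in demo():
        print(f"{e['change']:9} {os.path.basename(e['path'])}")
```

Persisting the baseline somewhere the monitored host cannot write to (or signing it) is what turns this from a change-detection script into evidence: if the baseline lives beside the logs, whoever alters the logs can alter it too.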