Cookie Notice

We use cookies to analyse site traffic and optimise your browsing experience. Accepting necessary cookies is required to provide you with a minimum level of service. Read Cookie Statement

Get In Touch
Contact Us

Contact Us

Please get in touch using the form below

1000 characters left
View our privacy policy
Experiencing a breach? Get emergency incident response assistance.

Overview

What you need to know about payment security

PCI DSS 3.2 encompasses six key objectives. These objectives are split across a set of 12 requirements, each incorporating a range of preventative, detective and directive controls.

Objectives

PCI DSS objectives

Build and Maintain a Secure Network

1. Install and maintain a firewall configuration to protect cardholder data

2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

3. Protect stored cardholder data

4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

5. Use and regularly update anti-virus software or programs

6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

7. Restrict access to cardholder data by business need-to-know

8. Assign a unique ID to each person with computer access

9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

10. Track and monitor all access to network resources and cardholder data

11. Regularly test security systems and processes

Maintain an Information Security Policy

12. Maintain a policy that addresses information security for employees and contractors

Services

Our PCI DSS services

Redscan offers a range of specialist PCI DSS services, including:

PCI DSS log management and monitoring

Kroll Responder, our Managed Detection and Response service, help organisations track and monitor access to network resources and cardholder data in order to achieve compliance with PCI DSS 3.2 requirements 10 & 11.
Responder offers:

• Log management

• Asset discovery

• Intrusion detection

• File integrity monitoring

• Internal vulnerability scanning

PCI DSS Penetration testing

Requirement 11 of PCI DSS 3.2 outlines the need for organisations to perform internal and external penetration testing at least annually, or after any significant change to network infrastructure.

Managed vulnerability scanning

Internal quarterly vulnerability scanning by our cyber security experts helps to identify, classify and remediate common exposures such as weak user credentials and unpatched or out-of-date operating systems, applications and software. To comply with PCI requirement 11, vulnerability scans should be performed quarterly and after any significant network changes.

Virtual CISO

Call upon a highly-qualified and experienced security professional to support your PCI DSS requirements. By acting as an extension of in-house resources, a Redscan Virtual CISO can help to assess cyber-risk and develop and implement the policies, procedures and controls needed to achieve PCI compliance.

Discuss your PCI DSS requirements

Get in touch

More

More about PCI DSS compliance

For more information about PCI DSS compliance:

Get in touch

Complete the form for a prompt response from our team.

Two Redscan team members analysing cyber security intelligence

1000 characters left
View our privacy policy

Resources

Discover our latest content and resources

From the blog
From the blog Case studies Latest news
8th May 2024
Insider threats soar by 14% annually 
New research has highlighted a significant rise in insider or employee fraud, with the most common reason being “dishonest action to obtain benefit by theft or deception”.
8th May 2024
Two-thirds of organisations fail to address AI risks
New research suggests that, despite the soaring use of AI in the workplace, just a third of organisations are successfully addressing its security, privacy and ethical risks.    
29th April 2024
Security leaders anticipate daily AI-driven attacks by year-end
According to new research, the majority of businesses are worried about AI-enabled cyber-threats, with 93% of security leaders anticipating daily attacks of this type by the end of 2024.  
22nd April 2024
Quishing attacks increase tenfold
According to new research, quishing attacks, a type of phishing that leverages QR codes, have significantly increased, rising from 0.8% in 2021 to 10.8% in 2024.