PCI-DSS Compliance Support
PCI-DSS compliance consulting and technical infrastructure support for all organizations that process, store, or transmit payment card data.
PCI DSS
v4.0 Compliance
What is PCI-DSS?
The Payment Card Industry Data Security Standard (PCI-DSS) is a security standard created to protect credit card information. Card companies such as Visa, Mastercard, and American Express require it in order to keep card data secure.
- Secure processing of credit card data
- Encrypted storage of sensitive data
- Regular scanning for security vulnerabilities
- Access control and monitoring
E-commerce
Businesses accepting online payments
Service Providers
Payment infrastructure providers
Processors
Card transaction managers
Hosting
Card data hosting providers
PCI-DSS Requirements
PCI-DSS contains over 300 control points under 12 main requirement categories.
Network Security
Firewall and network segmentation
- Firewall configuration
- DMZ setup
- Network segmentation
- Traffic monitoring
Secure Configuration
Changing default passwords and settings
- Strong password policy
- Default account disabling
- Service hardening
- Configuration management
Data Encryption
Protecting card data through encryption
- TLS/SSL encryption
- Disk encryption
- Key management
- PAN masking
Access Control
Preventing unauthorized access
- Role-based access
- MFA requirement
- Least privilege principle
- Access logs
Monitoring & Logging
Recording system activities
- Centralized log management
- SIEM integration
- Real-time alerting
- Log retention (1 year)
Security Testing
Regular security assessments
- Annual penetration testing
- Quarterly vulnerability scanning
- IDS/IPS controls
- Code security analysis
Shared Responsibility
How responsibilities for PCI-DSS compliance are divided between VeriTeknik and the customer.