Learn About PCI Compliance

The Payment Card Industry Council was created by American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc. The Council’s goal is to “develop, enhance, disseminate and assist with the understanding of security standards for payment account security.”

Consequently, the Council instituted the Payment Card Industry Data Security Standard (PCI DSS). Many versions have been released over the years as the Council learns about new threats and technology advances. The most current is version 3.2.1 (updated in May of 2018). PCI DSS provides a baseline of technical and operational requirements designed to protect account data.

Some of the requirements for PCI compliance can include:

A Report on Compliance (ROC) submitted by a Qualified Security Assessor (QSA) or signed by an Internal Auditor who is an officer of the company.

Submittal of an Attestation of Compliance (AOC) form.

Quarterly scans by an Approved Scanning Vendor (ASV).

Penetration testing of internal, external, and wireless networks.

In Simple Terms: What Does This Mean?
PCI DSS requires ALL entities involved in payment card processing to be in compliance with PCI DSS 3.2. Non-compliance can result in a merchant losing their payment card processing privileges and subsequently, their business.
How Do I Become Compliant?

By determining the scope of the PCI audit that applies to your Merchant Level and following through on the requirements. For Level 1 Merchants, that means a full ROC, an AOC and quarterly scanning by an ASV. For Levels 2-4, it means a Self-Assessment Questionnaire (SAQ) specifically tailored to the merchant’s method of accepting credit cards (card not present, stand-alone terminals, web-based terminals, etc.), an AOC and quarterly scanning by an ASV.

Let Us Help: Applicable Services

QSA Support: MainNerve partners with several highly reputable U.S. companies to bring in affordable QSA support when clients request it. These QSAs have decades of experience with PCI DSS ROC requirements and work with MainNerve penetration testers to quickly meet your PCI DSS needs.

Scope Definition and Advisor Services

Don’t know what your PCI Merchant Level is, where your cardholder data is stored, or what your compliance requirements are under PCI DSS 3.2? MainNerve’s QSA-qualified personnel will sit down with you and ensure that your PCI DSS engagement is appropriately scoped and tailored to your exact needs.

Penetration Testing

MainNerve has extensive experience helping Level 1 Merchants achieve PCI DSS compliance through rigorous internal and external penetration tests as well as web- and mobile-based application penetration testing. These tests, when performed during a ROC conducted by a QSA, meet or exceed the penetration testing conditions required for PCI compliance. MainNerve’s penetration testers are all veterans with decades of experience and perform penetration tests only to the standards outlined in PCI DSS, NIST SP 800-115, OWASP and OSSTMM. MainNerve has performed these services in support of Level 1 PCI requirements for companies as large as $34B as well as for smaller vendors.