SMCPL's services related to PCI Security Standards include the following:
The PCI Data Security Standard (PCI DSS) applies to major credit card providers and is intended to protect cardholder data. To achieve PCI DSS compliance, all members, merchants and service providers must adhere to this standard, which offers a single approach to safeguarding sensitive data for all card brands.
The Payment Application Data Security Standard (PA-DSS) applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed, or licensed to third parties.
Point-to-Point Encryption (P2PE)
Point-to-Point Encryption, also known as end-to-end encryption, is an emerging technology used to protect sensitive credit card data from the point of swipe, while in transit, all the way to the payment processor. This type of protection is critical as hackers increasingly focus on stealing credit card data while it is in transit. As a QSA P2PE, SMCPL is one of a very select group of PCI compliance certification firms authorized to certify to P2PE standards.
Experian Independent 3rd Party Assessment (EI3PA)
EI3PA is an annual assessment of Experian's 3rd Party Processors' ability to protect Experian's Personally Identifiable Information (PII) data. If you are a company processing, storing, or transmitting PII provided by Experian, you may be required to have your systems assessed by a QSA to determine how well you are protecting this information externally and internally from unauthorized users.
Daily Logging & Monitoring
SMCPL will design and implement a log management solution that fits your regulatory log retention requirements. The design will ensure that devices log the required information, that the logs are consolidated in a secure central repository, and that the logs are automatically moved to near-line or offline storage for worry-free long-term retention.
Security Awareness Training
Employees who are not trained in, or generally aware of, information security can be the weakest link in your organization. Many industries require a continuing employee education program and proof of performance.