What is PCI DSS?
PCI DSS (Payment Card Industry Data Security Standard) is a set of security requirements for protecting payment card account data. It applies to every organization that stores, processes, or transmits cardholder data, whether the card is used online, in a store, or over the phone; it is not limited to internet transactions. The first version was published in December 2004 by the five major card brands (American Express, Discover, JCB, MasterCard, and Visa) to reduce payment card fraud and data breaches; the brands later founded the PCI Security Standards Council (PCI SSC), which maintains the standard today.
Validating PCI DSS compliance (the formal deliverable is an Attestation of Compliance, commonly referred to as a PCI DSS certificate) shows that your cardholder data environment meets the standard's baseline controls. It tells your customers and your acquiring bank that card data entered on your platform is handled according to an audited set of rules. It is not a guarantee against every attack, and compliance has to be re-validated every year.
PCI DSS Compliance for Level 1 Merchants:
Level 1 is the highest and most stringent merchant level. A merchant falls into Level 1 if any of the following applies:
PCI DSS Level #1 Criteria:
- Transaction volume: more than 6 million Visa or MasterCard transactions, more than 2.5 million American Express transactions, or more than 1 million JCB transactions per year (counted per brand, across all channels).
- OR a card brand, at its discretion, assigns your firm to Level 1.
- OR your firm suffered a breach in which cardholder data was accessed; the card brands can escalate a breached merchant to Level 1 regardless of its volume.
PCI DSS Level #1 Requirements:
The 12 PCI DSS requirements (secure network configuration, protection of stored and transmitted account data, vulnerability management, access control, monitoring and testing, and an information security policy) apply to merchants of every level. What makes Level 1 stricter is how compliance is validated: an annual on-site assessment by a Qualified Security Assessor (QSA), or a qualified Internal Security Assessor, producing a Report on Compliance (ROC) and a signed Attestation of Compliance (AOC), plus quarterly external scans by an Approved Scanning Vendor (ASV). Lower levels may validate with a Self-Assessment Questionnaire instead of a QSA assessment.
Scan Types Required for PCI DSS Level #1 Merchants
Vulnerability Scans:
A vulnerability scan is an automated test that finds and reports known weaknesses (missing patches, weak TLS configurations, exposed services) without exploiting them. Every external IP address and domain that is part of, or could provide access to, the Cardholder Data Environment (CDE) must be scanned by a PCI-Approved Scanning Vendor (ASV) at least once every three months, and a passing scan must be on file for each quarter; a failed scan has to be remediated and re-scanned until it passes.
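As an added illustration (not part of the original page and not a Daam Al-Arabia tool), the Python below encodes two checks a Level 1 merchant's security team typically automates against its ASV scan history: whether a given scan passes under the ASV Program Guide rule that any finding with a CVSS base score of 4.0 or higher makes the scan non-compliant, and whether passing scans are spaced no more than 90 days apart across the year. The hosts, dates, and findings are constructed sample data, and the 90-day spacing is one common reading of "at least once every three months".

```python
from dataclasses import dataclass
from datetime import date

# ASV Program Guide rule: any finding with a CVSS base score of 4.0 or higher
# makes the external scan non-compliant until it is fixed and re-scanned.
# (The guide also lists automatic failures, e.g. SQL injection, regardless of score;
# those are not modelled here.)
FAIL_THRESHOLD = 4.0
# "At least once every three months" (PCI DSS Requirement 11.3.2), read as 90 days.
MAX_GAP_DAYS = 90


@dataclass(frozen=True)
class Finding:
    host: str      # external IP address or hostname in scope for the CDE
    port: int
    title: str
    cvss: float    # CVSS base score as reported by the ASV


@dataclass(frozen=True)
class AsvScan:
    scan_date: date
    findings: tuple = ()


def blocking_findings(scan):
    """Findings the ASV will count as failing this scan."""
    return [f for f in scan.findings if f.cvss >= FAIL_THRESHOLD]


def scan_passes(scan):
    return not blocking_findings(scan)


def cadence_gaps(scans, period_start, period_end, max_gap_days=MAX_GAP_DAYS):
    """Return (from, to) intervals longer than max_gap_days with no passing scan.

    Only passing scans count: a failed scan does not satisfy the quarterly
    requirement. The period start and end act as sentinels, so a missing first
    or last scan of the period also shows up as a gap.
    """
    passing = sorted(s.scan_date for s in scans if scan_passes(s))
    gaps = []
    prev = period_start
    for d in passing + [period_end]:
        if (d - prev).days > max_gap_days:
            gaps.append((prev, d))
        prev = d
    return gaps


def sample_scans():
    """Constructed scan history for one calendar year (not real scan data)."""
    return [
        AsvScan(date(2024, 1, 15), (
            Finding("203.0.113.10", 443, "TLS 1.0 enabled", 7.5),          # fails the scan
            Finding("203.0.113.10", 443, "Certificate expires soon", 0.0),
        )),
        AsvScan(date(2024, 2, 10), (
            Finding("203.0.113.10", 443, "Weak cipher suite offered", 3.9),  # below 4.0: passes
        )),
        AsvScan(date(2024, 5, 5)),
        AsvScan(date(2024, 8, 1)),
        AsvScan(date(2024, 10, 28)),
    ]


if __name__ == "__main__":
    scans = sample_scans()
    for s in scans:
        status = "PASS" if scan_passes(s) else "FAIL"
        print(s.scan_date, status, [f.title for f in blocking_findings(s)])
    print("gaps:", cadence_gaps(scans, date(2024, 1, 1), date(2024, 12, 31)))
```

The January scan fails on the TLS 1.0 finding, so the first passing scan is the February one; with the May scan present the year has no gap longer than 90 days, and removing it leaves a 173-day hole between February and August that an assessor would flag.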
Penetration Testing:
A penetration test is a form of ethical hacking in which qualified testers simulate the techniques of real attackers in near-real scenarios to find and exploit weaknesses in the in-scope systems, applications, and networks, and to confirm that the network segmentation isolating the CDE actually holds. Unlike a vulnerability scan, it is largely manual and shows what an attacker could reach, not just what is theoretically vulnerable.
The goal of the pentest is to discover weaknesses in your organization's cyber defenses and give you early warning so you can fix them before a third party exploits them. PCI DSS requires an internal and an external penetration test at least once a year and after any significant change to the infrastructure or applications.
External Scans:
An external scan probes your internet-facing hosts from outside the network: open ports, exposed services, and known vulnerabilities in them, i.e. what an attacker on the internet would see first. For PCI DSS the quarterly external scan must be run by an ASV.
After the scan, a report lists the vulnerabilities found, ranked by severity. Those that cause the scan to fail must be fixed and the scan repeated before you can be compliant; fixing the rest makes you more secure.
Internal Scans:
Internal scans are run from a host that already sits on, or has access to, the internal network being scanned.
Because they are not blocked by the perimeter firewall, they reveal vulnerabilities at greater depth and expose many more network services than an external scan can. PCI DSS requires them at least every three months as well, although, unlike external scans, they do not have to be performed by an ASV.
How can Daam Al-Arabia help you?
Our security experts at Daam Al-Arabia can help you select the right QSA, ASV, and penetration testing firms for your business and obtain your PCI DSS attestation (commonly called a PCI DSS certificate) in Saudi Arabia as quickly as possible.
We also offer robust, cost-effective solutions aligned with the PCI DSS requirements:
- Conducting security assessments.
- External and internal vulnerability scans.
- Penetration tests.
Our wide range of services will not only help you prepare for PCI DSS compliance but also improve the overall security of your organization.