Over the years, VITECH has helped a wide variety of businesses, companies, and organizations meet PCI compliance standards. We have helped organizations of all sizes, from the small 2-person office, to government entities, to large multi-location businesses.

VITECH has multiple packages to help each organization, according to their needs. These are:

  • Help Completing Self-Assessment Questionnaire
  • Base Compliance Package
    • Security Policies & Procedures
    • Employee Cybersecurity Training
    • Vulnerability Scanning
    • Security Risk Assessment
  • Base Compliance Package + Remediation Guidance
  • Penetration Testing
  • PCI Compliance Audit + Certification
    • Necessary to validate an Organization’s Compliance to PCI-DSS Standards

PCI, however, is not a regulation imposed by the government, but rather a security standard developed and regulated by major credit card companies to initiate consistent data security measures within companies that deal with customers' credit cards on a global basis. Having said this, the risk of PCI noncompliance is high.

In addition to being vulnerable to data breaches and other security incidents, non-compliant businesses can incur steep fines from the credit card companies and may face civil, criminal and legal issues as well. Add loss of customer confidence and decreasing sales to the mix, and PCI noncompliance becomes a recipe for disaster!

The Payment Card Industry Data Security Standard (PCI DSS) is intended to help organizations proactively protect sensitive customer account data. The standard was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

"'I was PCI compliant and I was breached' -- this is a very misleading statement," says Bob Russo, General Manager at PCI Security Standards Council. "When a company is PCI compliant, it is within a snapshot of time. Companies need to ensure that their goal is to be secure and not just gain a compliance certification."