
Benefits gained from implementing the PCI DSS · 2020. 8. 23.


Benefits gained from implementing the PCI DSS

• Compliance with legislation

For Level 1 organizations, the annual compliance certification security audit is a mandatory and integral part of the agreement with the credit card issuer or the affiliated bank.

• Credibility, trust, and confidence

• Prevention of confidentiality breaches

As well as harming your image, losing data brings the risk of extensive claims for damages.

• Avoidance of potential fines

Non-compliance can cost money: organizations that do not meet PCI DSS can be fined heavily.

Why TÜV Rheinland Group as your partner?

• Recognized worldwide and present globally

• Extensive know-how in the fields of certification and compliance management

• Highly qualified auditors with international experience

• PCI Security Standards Council-recognized Qualified Security Assessor Company (QSAC)

• Reliable, impartial, confidential, and cost-effective service provider

• Capable of providing multiple IT and Communications Security-related services, such as Information Security Management System auditing, Vulnerability Assessment, and penetration testing

Contact Us:

Head Office

TÜV Rheinland (India) Pvt. Ltd.
82/A West Wing, 3rd Main Road, Electronic City Phase I, Bangalore-560 100, India.
Tel #: +91-(0)80 3989 9888 / 3055 4319
Fax #: +91-(0)80 30554342
Email: [email protected]
Website: www.ind.tuv.com

Our offices

Chennai, Mumbai, Cochin, New Delhi, Coimbatore, Panchkula, Gurgaon, Pune, Hyderabad, Ranipet, Karur, Trichy, Kolhapur, Tuticorin, Kolkata, Vadodara, Madurai, Visakhapatanam, Mohali

® TÜV, TUEV and TUV are registered trademarks. Utilisation and application require prior approval. IND0039 - S409

Payment Card Industry Data Security Standard (PCI DSS)

For secure payment card transaction and cardholder data environment

Compliance Audit and Advisory Service

What is PCI DSS?

PCI DSS (Payment Card Industry Data Security Standard) is the common security standard of all major credit card brands. Regardless of their size, organizations that process payment card information must be PCI DSS-compliant. Achieving PCI DSS compliance secures your business, increases customer confidence, and is a clear indicator of the conscientious care with which you handle sensitive customer data.

The PCI Security Standards Council recognizes the TÜV Rheinland Group, a global assessment firm, as a QSAC (Qualified Security Assessor Company). Find us on the PCI Security Standards Council (SSC) PCI QSA List under the name ‘TÜV Rheinland Secure iT GmbH’.

To whom is it relevant?

PCI DSS applies to any entity that stores, processes, and/or transmits cardholder data. If your organization accepts or processes payment cards, it must comply with PCI DSS.

The standard's basic requirements are to:

• Build and maintain a secure IT network
• Protect cardholder data
• Maintain a vulnerability management program
• Implement strong access control measures
• Regularly monitor and test networks
• Maintain an information security policy

Organizations accepting payment cards are expected to protect cardholder data and to prevent its unauthorized use – whether the data is printed or stored locally, or transmitted over a public network to a remote server or service provider.

PCI DSS represents the best available framework to guide better protection of cardholder data.

It also presents an opportunity to leverage cardholder data security achieved through PCI DSS compliance for better protection of other sensitive business data – and to address compliance with other standards and regulations.

The path to PCI DSS compliance

We help you define the specific requirements and determine your current security standard. Then we work with you to develop measures to meet the PCI DSS requirements.

Awareness Training: Holding a workshop to raise awareness; identify the payment card environment

Gap Analysis: Through a pre-audit, identify non-compliance issues; discover vulnerabilities; identify optimization potential; draw up a detailed compliance audit plan

Remediation Assistance: Support your non-compliance remediation efforts, if any, with the aim of achieving PCI DSS compliance in the most efficient way

Compliance Audit: Auditing your payment card transaction and cardholder data environment for PCI DSS compliance and validating it with a Report on Compliance (RoC)

PCI DSS Consulting: Assist with the PCI DSS Self-Assessment Questionnaire (SAQ), information security policy development, and payment card transaction and cardholder data environment footprint minimization

Other PCI-related Services: Network vulnerability assessment and penetration testing

Common Questions

“Who needs a trusted 3rd-party assessment?”

The PCI Standards Council classifies merchants and service providers based on the number of transactions that take place through their services.

“I’m just a small merchant with limited payment card transaction volume. Do I need to be compliant?”

All merchants of any size need to be PCI-compliant. The payment brands have collectively adopted PCI DSS as the requirement for organizations that process, store or transmit payment cardholder data.

“What are the definitions of ‘merchant’ and ‘service provider’?”

A ‘merchant’ is defined as any organization that accepts payment for goods or services by credit cards bearing the logos of any of the five members of PCI SSC (American Express, Discover, JCB, MasterCard or Visa). A merchant that accepts payment by credit cards for goods or services can also be a ‘service provider’, if the services sold result in storing, processing, or transmitting cardholder data on behalf of other merchants or service providers.

“How do I determine if my organization is required to undergo an on-site data security assessment per the PCI DSS Security Audit Procedures or a self-assessment for compliance with the PCI DSS?”

You should consult your acquirer and/or payment brand (e.g. Visa or MasterCard) for details regarding PCI DSS validation requirements.