PCI DSS payment system
The topic of PCI DSS standard requirements and the issue of verifying compliance with these requirements are among the most discussed at forums and conferences on security in the credit and financial sector today. Thus, within the framework of this article, we will not only consider the main theoretical aspects of this topic, but also provide general practical recommendations to those who plan to conduct a PCI DSS compliance audit.
As part of the audit, several successive stages are carried out, which differ in complexity and duration.
Audit stages:
Verification of documents and determination of the control zone. At this stage, the auditors analyze and verify the package of required documents of the client (the company being audited, in accordance with the requirements of the PCI DSS standard). These documents include: a network diagram showing all connections to the part of the network where cardholder data is stored, processed or transmitted; a register of resources; the standards and policies adopted by the company; and documented procedures and processes.
On-site conformity assessment (on-site audit). Once the sampling question has been settled and the verification of the required documentation is complete, the on-site inspection stage begins: compliance with PCI DSS requirements is verified directly on the customer's premises. Auditors observe the security methods in use and assess their compliance with PCI DSS requirements according to audit procedures that include more than 230 checks.
Preparation and distribution of the report. After completing the on-site verification procedure, work begins on compiling a report. If the company meets all the requirements of the standard, the corresponding report is sent to the international payment system in which it operates (ROC for Visa Int. and COV for MasterCard Worldwide).
Drawing up a plan to eliminate nonconformities. If at least one nonconformity is detected during the inspection, the company being checked develops a plan to eliminate nonconformities (action plan). This plan should specify concrete dates for correcting each identified nonconformity, as well as the methods and measures by which each of them will be corrected.