According to an ITPolicy study, organizations that embrace compliance as a core principle in business strategies tend to spend less money on compliance annually, reduce data breaches, and increase revenue. While credit card companies have always been vulnerable to fraudulent activity, the evolution of electronic commerce has introduced many new opportunities for malicious users to intercept sensitive data from vendors, banks, and third-party entities.
To combat the increasing cost of fraud committed with stolen credit card data, the Payment Card Industry Data Security Standard (PCI DSS) was established. Authored by the PCI Security Standards Council, an independent organization made up of representatives from the major credit card brands, the PCI DSS requires merchants and their business partners to protect cardholder data by performing due diligence and employing best practices.
IOActive is certified by the PCI Security Standards Council as a Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV). Unlike some QSAs who take a minimalist, checklist approach, we believe that compliance is part of an organization's enterprise risk management universe. Because the PCI standards apply to any company that stores, processes, or transmits credit card information, IOActive offers a range of PCI services that fit within an organization's existing business framework.
PCI Gap Analysis (ROC and SAQ Guidance)
IOActive works with organizations to validate the efficacy of their existing controls, providing guidance and detailed recommendations that help ensure continued success with ongoing compliance efforts. IOActive offers skilled technical and compliance consultants who appraise organizations' ability to meet specific compliance requirements.
PCI Compliance Assessment
IOActive conducts the necessary assessment, highlights any issues, and works with organizations to address any non-compliant systems, all while collaborating with teams to achieve compliance with the PCI DSS.
Quarterly Scanning (ASV)
IOActive performs the necessary quarterly scanning to fulfill requirement 11.2 in the PCI DSS. After scanning, IOActive works with the organization to answer and address findings that indicate possible network compromise.
Additional services include:
- Network penetration tests.
- Application penetration tests.
- Secure Development Lifecycle services.
- Code reviews.