
PCI Explained

FusionVM PCI Built on the FusionVM SaaS portal, FusionVM PCI includes:

The PCI DSS v1.1 is made up of 12 main requirements designed to ensure that, if properly implemented and maintained, credit card holder information is protected. The standard applies to all service providers or merchants that process, store or transmit credit card information.

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security

Compliance Levels

The PCI compliance process varies for Merchants and Service Providers based on the number of transactions performed annually.

For Merchants the parameters are as follows:

Level 1

  1. Merchants with more than 6,000,000 transactions per year. Other merchants in Level 1 will be merchants whose security has been violated and data compromised, and merchants that another credit card company has classified as Level 1.
  2. Merchants with 150,000 to 6,000,000 transactions per year.
  3. Merchants with 20,000 to 150,000 transactions per year.
  4. Merchants with less than 20,000 transactions per year.

Level 2

Merchants processing 1,000,000 to 6,000,000 transactions per year.

Level 3

Merchants processing 20,000 to 1 million transactions per year.

Level 4

Merchants processing less than 20,000 transactions per year.

For Service Providers the parameters are as follows:

Level 1

All processors and payment gateways.

Level 2

Any Service Provider not in Level 1 that stores, processes or transmits more than 1 million accounts or transactions annually.

Level 3

Any Service Provider not in Level 1 that stores, processes or transmits less than 1 million accounts or transactions annually.

Merchants and Service Providers at all levels are required to undergo a Quarterly Network Scan performed by an Approved Scanning Vendor (ASV). Level 2, 3 and 4 Merchants and Level 3 Service Providers are required to complete an annual self-assessment questionnaire, and Level 1 Merchants and Level 1 and 2 Service Providers must also undergo an annual site assessment by a Qualified Security Assessor (QSA).

For questions on FusionVM PCI email pci@criticalwatch.com