
PCI Compliance-Security

Over the last 24 months, dozens of education and government customers have engaged the Peak Performance Technologies team to begin discussions surrounding banking and payment regulatory compliance. Historically we never got involved in these areas, but our intimate knowledge of their business practices, ERP systems and underlying policies, procedures and process flows gave us a unique insight into their degree of risk. We hired a recognized industry thought leader, David Tartaglia, who pioneered the development of PCI-compliant gateways that integrate with the nation's leading ERP products such as SAP, Oracle, PeopleSoft and Banner. He and his team are responsible for delivering a wide array of customized services that address what are arguably among the most important regulations facing our customers' businesses today.

How Do I Reduce the Cost and Risk of PCI Compliance?

The PCI Data Security Standard requires merchants to deploy effective security measures to protect cardholder data from misuse. The cost of doing so can be steep, but it doesn't have to be prohibitive. Here are two ways that merchants can not only reduce the cost of PCI compliance, but enhance the protection of their cardholder data as well.

Don't Store Cardholder Data

Ideally, you will not need to store cardholder data. If you do need to, you should replace cardholder data with tokens from a PCI-certified service provider like Cybersource. The token can be used within your enterprise for reporting, repeat customers and recurring transactions. This eliminates the need for costly encryption and key management technologies, reduces the scope of PCI compliance, removes your ERP from the scope of PCI compliance audits, and renders a data security breach virtually futile, ultimately keeping your organization out of the headlines. Cyber Solutions can show you how to do this and lead the implementation effort if so desired.

Don't Use an On-Premise Payment Application

The Payment Application Data Security Standard (PA-DSS) applies to all companies that utilize an on-premise, installed payment application that transmits, processes, or stores cardholder data. If your company transmits, processes, or stores cardholder data, then your company's network(s) and system(s) are in scope for PCI compliance, with all the attendant costs and risks. The easiest way to reduce the cost of PA-DSS and PCI compliance is to utilize a third-party PCI-certified service provider like Cybersource in place of an on-premise application. Doing so shifts the PCI burden to the service provider and away from your organization. Cyber Solutions can show you how to do this and lead the implementation effort if so desired.

Financial Benefits:

  • Reduce the cost of encryption technology by 20% to 70%
  • Reduce the cost of key management technology by 20% to 70%
  • Reduce the cost of PCI compliance audits by 10% to 20%
  • Reduce the cost of payment application upgrades by 50% to 75%
  • Reduce the cost of payment application maintenance by 25% to 75%

Scanning

With the card brands' requirements to scan your network from the outside, external vulnerability scans are a no-brainer. But did you know that the Payment Card Industry Data Security Standard (PCI DSS) also requires internal vulnerability scanning each quarter?

Internal vulnerability scanning helps pinpoint vulnerabilities and areas of your network that need remediation.

Peak Performance Technologies can show you how to do this and lead the implementation effort if so desired.