The security of credit card payment systems and cardholder data is becoming one of the main challenges for any company offering services in this sector.
The main international credit card issuing companies, including VISA, MasterCard and American Express, are promoting the Payment Card Industry Data Security Standard (PCI DSS), a set of requirements and processes aimed at minimizing the IT fraud risks related to the use of credit cards.
The control objectives set by the Standard are divided into six logically related groups:
Non-compliant companies may incur fines of up to 500,000 dollars in case of loss or theft of information and may no longer be authorized to manage credit or debit cardholder data, in addition to suffering considerable damage to their reputation.
PCI DSS takes an innovative approach compared to “traditional” security standards: it requires not only verifying the processes and policies defined within a company’s security documentation systems, but also thoroughly analyzing the technological aspects, the infrastructure protection mechanisms, the critical data storage policies, and the management of Vulnerability Assessment and Log Management processes.
Companies managing payments through credit cards, especially those in the financial and banking sector, are particularly sensitive to this problem. For example, UniCredit Group, one of Spike Reply’s main clients, which has always been at the forefront with regard to enterprise security systems, is already encouraging its suppliers of e-banking and electronic payment services to regulate all their payment channels, including e-commerce, on the basis of this standard.
Spike Reply, drawing on specific skills acquired in part through targeted certifications (GPCI of SANS), successfully provides its customers with methodological, organizational and technological support to carry out enterprise projects for standard compliance. The comprehensive experience that Spike Reply has acquired over the years by working in the Enterprise Information Security sector is fundamental to fully understanding the issues connected to the development of a PCI Compliance project. The PCI DSS compliance process suggested by Spike Reply stimulates a deep analysis and revision of the company security model and acts as a lever for updating and renewing that same model.