From the world's largest corporations to small Internet stores, compliance with the PCI Data Security Standard (PCI DSS) is vital for all merchants who accept credit cards, online or offline, because nothing is more important than keeping your customer’s payment card data secure. What data thieves are after specifically is cardholder data. By obtaining the Primary Account Number (PAN) and sensitive authentication data, a thief can impersonate the cardholder, use the card, and steal the cardholder’s identity.
Peregrine has current, relevant PCI experience, and recently supported a corporation with a Tram, Restaurant, Hotel, Gift Shop, and a Marina, all of which accepted credit cards but had not undergone PCI compliance. For that effort, Peregrine served as a PCI consultant to help that organization become compliant, working closely with their IT staff to ensure that their system fully met all requirements. Peregrine helped the organization understand what it needed to do to become PCI compliant, then helped to develop and implement a plan once we determined what exact PCI requirements had to be meet and implemented to meet deadlines. Once we were sure that they were ready, we brought in our partner QSA/ASV to conduct the assessments and scans, and ensured all paperwork was complete. Throughout this whole process, Peregrine provided guidance to ensure that the organization stayed on schedule and on budget and successfully passed the independent scans and assessment.
Our role will be to serve as a part of the IT staff, focusing on helping to accomplish all of the cyber-security specialized tasks that are required as part of these assessments. We have available, as needed, a Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) to work with our customers to ensure that they are successful in validating these requirements. Peregrine's role in this effort is to support as a consultant in a fact-finding effort for the following issues:
- PCI DSS Scoping – determine what system components are governed by PCI DSS
- Assessing – examine the compliance of system components in scope
- Compensating Controls – assessor validates alternative control technologies/processes
- Reporting – assessor and/or entity submits required documentation
- Clarifications – assessor and/or entity clarifies/updates report statements (if applicable) upon request of the acquiring bank or payment card brand
We will make recommendations and assist the IT staff in remediation of any and all vulnerabilities and ensuring that mitigation strategies are in place to move forward.