A security and compliance company reports that it has achieved global Approved Scanning Vendor status from the Payment Card Industry (PCI) Security Standards Council.
The Payment Card Industry Security Standards Council
The PCI Security Standards Council mandates that all merchants with a presence on the internet must conduct regular security audits of their payment infrastructure to test that they protect customers’ payment card details from being intercepted by hackers and thieves. Businesses that fail to comply risk losing their ability to process online payments, or incurring financial penalties if they are proven to be responsible for a data leak.
External scans of merchants’ networks must be carried out on a quarterly basis by Approved Scanning Vendors.
Commenting on RandomStorm’s renewed ASV certification, Andrew Mason, co-founder and Technical Director of RandomStorm, said, “Several high-profile hacks have highlighted the dangers to payment card data stored on merchants’ systems. While breaches suffered by the largest merchants tend to hit the headlines, retailers and online businesses of all sizes need to follow best practice and be able to quickly detect network intrusions to protect their customers against card fraud. Owing to the increase in malware, botnets and exploit kits, a company’s security status can change on a daily basis. The best way to achieve ongoing security is through continuous monitoring of network assets, in between scheduled audits.”
The firm provides vulnerability scanning and intrusion detection services to help companies to improve and maintain their security posture on a continuous basis. The company is a CESG CHECK