
PCI Compliance

We Can Assist You
PCI Solutions

Mandated by card issuers, PCI DSS requires all merchants with internal systems that store, process or transmit cardholder data to comply with key data protection measures and submit to annual security audits. SageNet offers a variety of cybersecurity and compliance services that help merchants achieve compliance with PCI mandates. What’s more, SageNet cybersecurity services can help your organization go beyond compliance to achieve a true enterprise-wide culture of information security.


Managed Authentication
PCI Requirements 7 & 8

SageNet offers a Software Defined Perimeter managed service that enables secure authentication to enforce “zero trust” network and application level access controls.
SIEMaaS
PCI Requirement 10

SageNet’s SIEM as a Service incorporates a SIEM deployment, configuration and maintenance to deliver data log aggregation, security event correlation and SageNet’s security content suite.
SOCaaS
PCI Requirement 10.6

US-based 24x7x365 Security Operations Centers continuously monitor, investigate and escalate security events. The service includes the SIEM, log collection, custom security content and monitoring.
Penetration Tests
PCI Requirement 11.2

Identify vulnerabilities so that defenses can be hardened before they are exploited. Testing capabilities include internal, external, web application, mobile, physical and social engineering engagements.
ASV Scanning
PCI Requirement 11.2.2

Approved Scanning Vendor (ASV) services scan customer environments from the outside to identify vulnerabilities for remediation.
Security Assessments
PCI Requirement 12.2

Security program assessment services based on the standard security frameworks ISO 27001/27002 and NIST 800-53, and on PCI DSS compliance requirements.


PCI Compliance Integrated within SageNet’s CompleteConnect™


Firewall Configuration, Design, Review and Management

PCI Requirement 1.1.7


SageNet’s Managed Network Service is rooted in the design, configuration, and management of Unified Threat Management (UTM) appliances and firewalls to build and operate a secure managed network 24x7x365.

Security VPN Transport Encryption
PCI Requirement 4


SageNet’s CompleteConnect™ services encrypt data in transport for more secure and PCI compliant data communication.

Data Center Security – Physical and Logical
PCI Requirement 9


SageNet’s Managed Network Service is rooted in the design, configuration, and management of Unified Threat Management (UTM) appliances and firewalls to build and operate a secure managed network 24x7x365.

PCI Compliant Network Management
PCI Requirement 10.8


SageNet undergoes an annual PCI audit to validate the controls and processes that are in place to remain a PCI compliant service provider.

Continuous SIEM Monitoring of SageNet Internal Hosts
PCI Requirement 10.6 & 12.11


SageNet’s internal security program utilizes a SIEM for internal security event data monitoring.

Annual Assessment
Attestation of Compliance (AOC)


Each year, SageNet undergoes a rigorous audit to ensure that all security controls and processes adhere to the latest PCI DSS compliance standards.

Compliance with the PCI DSS

PCI compliance is required of all entities that store, process or transmit cardholder information. In order to be considered “PCI compliant”, an entity must comply with all of the requirements in the PCI DSS (either directly or through appropriate compensating controls).

Compliance validation requirements vary depending on the payment brand program and the merchant or service provider level (e.g., Level 1 through 4). An entity may be able to assess its compliance with the PCI DSS through a single review; however, it would still be required to follow each payment brand’s respective compliance validation and reporting requirements. Noncompliance can result in fines levied by the credit card companies against merchants, processors and acquiring banks.

To whom does the PCI DSS apply?

The PCI DSS requirements apply to all merchants and other companies that store, process or transmit credit card information.

Responsibility for compliance

  • The PCI SSC maintains and administers the PCI DSS but does not enforce compliance.
  • Each credit card brand (credit card company) is responsible for enforcing its own PCI DSS compliance policy. A credit card brand may enforce compliance with its security policy (i.e., compliance with the PCI DSS) on merchants, their banks (acquirers), and processors.

Different compliance validation for different classes of merchants

  • Each credit card brand has different requirements for PCI DSS compliance validation, based primarily on the merchant’s credit card transaction volume.
  • American Express, Discover, MasterCard, and Visa define merchant “Levels”.
  • Different compliance requirements apply to different Merchant Levels.

PCI DSS Requirements

The PCI-DSS (Payment Card Industry - Data Security Standard) is an international standard developed by the credit card companies American Express, Discover, JCB, MasterCard and Visa to protect their clients' card accounts from being leaked outside the organizations and companies that hold that account data.

The standard was written by the PCI-SSC (Payment Card Industry - Security Standards Council) and is organized into 12 requirements, each broken down into sub-requirements, designed to prevent exposure of credit card information in any form.

In addition to the PCI-DSS, the Security Standards Council also issued the Payment Application Data Security Standard (PA-DSS) for payment software vendors, together with the PCI PIN Entry Device (PED) and PIN Transaction Security (PTS) requirements for payment hardware manufacturers. The PA-DSS defines the requirements for software manufacturers, software developers and integration software that interface with the processing and transfer of credit card information. Over 200 specific sub-requirements are included in the 12 main PCI DSS requirements.