Rapid7 Security Consulting Services

PCI Compliance Testing

The Payment Card Industry Data Security Standard (PCI Standard) defines merchant requirements for securing cardholder information. This worldwide standard for consumer data protection across the payment industry was developed to counteract the rising number of incidents of stolen cardholder account data. Merchants who depend on credit card purchases for their revenue, both online and through point of sale systems, have the most to lose if their businesses are not allowed to take credit cards.

Who is required to meet the PCI security standard?

All entities that accept credit or debit card payments, or that collect, process or store credit card transaction information, regardless of transaction volume, are required to meet the PCI standard. Failure to comply may result in substantial fines or permanent expulsion from card acceptance programs.

All merchant banks are also required to receive certified proof of PCI compliance from companies that process more than 20,000 credit card transactions per year, or be held liable and fined themselves. Many merchant banks are beginning to require that all businesses accepting credit card transactions produce this certification of PCI compliance.

What is needed to meet the PCI standards?

PCI Compliance

There are two basic steps required to meet the standard:

  • Pass quarterly vulnerability scans conducted by a PCI Council "qualified independent scan vendor" such as Rapid7. NeXpose PCI Compliance and our Professional Services resources can provide this independent scan and produce the certified document for your records.
  • Complete a security self-assessment questionnaire that asks you about your internal security practices, both on the Web and on your internal network. Rapid7 can assist with the completion of this questionnaire.

Rapid7 is Ready to Help

Rapid7 has successfully completed the PCI Council Approved Scanning Vendor Compliance Testing Program, which certifies us to help merchants achieve compliance with the Payment Card Industry (PCI) Data Security Standard.

NeXpose PCI Compliance provides scan templates and reporting capabilities that meet or exceed the MasterCard SDP specifications for system security scanning. The PCI Standard compliance report provides pass/fail information at both the executive and administrator detail levels. A complete remediation plan is provided that enables security analysts to bring their systems and devices into full compliance with the PCI Standard.

Rapid7 PCI Certification Services

With its certification in the PCI Council Approved Scanning Vendor Compliance Testing Program, Rapid7 can help merchants comply with the Payment Card Industry (PCI) Data Security Standard, the standard endorsed by Visa (Cardholder Information Security Program (CISP)), MasterCard, Discover, Diners Club, and American Express. Rapid7 PCI Compliance services include:

  • PCI audit report and automated scans on a quarterly, scheduled basis;
  • Rapid7 Remediation Plan and Report with detailed step-by-step instructions for vulnerability remediation to attain full PCI compliance;
  • Rapid7 PCI Professional Services Review;
  • Rapid7 PCI Assessment Checklist completion for PCI certification.