PCI DSS Compliance - Cribb Cyber Security

LAST week we engaged in a spot of (early) Festive fun, with more of that to come. For now though, we are very much back in (semi-) serious cyber security mode with a look at CRIBB Cyber Security’s PCI DSS Compliance service.

CHRISTMAS comes but once a year, but cyber-criminal activities are a lot more frequent. As such, we here at CRIBB Cyber Security are delighted to have spoken recently with Patrick Carolan about one of the fantastic services we can offer.

PCI DSS

“I think that PCI DSS Compliance is of huge importance given the fact that it concerns credit card payments”. So began Patrick when asked for a brief summary. He went on to say that “any company dealing with card payments must ensure they are hosting data securely with a PCI compliant hosting provider or system”.

GAVE during a very busy period for Patrick, who as a certified DPO often finds himself on call 24/7 at times, the following interview was very short and very to the point – enjoy!

YOU have been in cyber security for a long time now Patrick, but we haven’t. Could you please then tell us what PCI DSS stands for?!

MY word, you mean you don’t know?! Of course: The Payment Card Industry Data Security Standard.

HEART in mouth moment that, I wondered myself for a split second!

BUT is it true that all companies dealing with card payments need to be compliant?

THE answer is yes. Generally speaking, credit card companies require compliance to make online transactions secure and protected against identity theft.

VERY wise indeed, so what can you and the experts at CRIBB Cyber Security do to help with this?

NEXT to nothing. I’m joking, of course! We can help in lots of different ways. For example, we can run an official PCI DSS vulnerability scan remotely on payment gateways, firewalls and relevant systems. We’ll then use the findings from that to generate a PCI DSS approved report for your bank or merchant provider.

A role in cyber security means answering lots of questions

DAY after day you must be inundated with questions about everything from PCI DSS to DPO. Then there is Cyber Essentials and Penetration testing, too. The question is, how are you able to cope?!

YOU tend to get used to it really. I’ve been doing this for a long time so it’s easy for me to switch between the different hats you have to wear. There was a piece of advice that… who was it… I think it may have been Conor (Byrne, co-founder of theICEway). He…

GAVE me… That’s it. It was this; basically, know your subject. And if that means knowing a lot of different subjects within that, then that’s what it means. So I try to know everything I can, I study at weekends and during the evenings and if you work hard enough, it pays off. Not just for you, but also for the companies you are helping. That’s the most important part.

IT is, well said. So how else can CRIBB Cyber Security help with PCI DSS Compliance?

AWAY from the vulnerability scan I mentioned, we can also conduct a PCI review. A PCI review establishes whether or not self-assessment is sufficient. We can also then offer guidance and assistance with that SAQ. Ultimately our clients can achieve their PCI DSS certificate in that manner.

THIS is great but are there any other key points you’d like to share on the subject of PCI DSS Compliance?

YEAR, there are…
(In a ‘mockney accent’)

TO what end are you speaking that way, Patrick?!

SAVE my soul!

ME, I’m a bit of a joker at times – can’t you tell? – but when it comes down to it, I do know when to focus.

FROM your experience then, what is it about the CRIBB Cyber Security PCI DSS Compliance service that really makes it stand out?

TEARS are certainly not the order of the day with us. I think organisation and planning are vital, and we make sure to carry out an expert on-site PCI Review – this initial service really does help to establish exactly what you need.

I’LL then vouch for our official PCI DSS scan of the primary payment gateway, which leads to a full report showing the weaknesses; that is a significant element of GDPR compliance and Information Governance initiatives.

GIVE us just a little more information on this if you will…

IT really comes down to whether or not you are looking for a robust and comprehensive service. If you are, we can help.

TO summarise, we offer a full technical IT, policies and procedures review with a comprehensive report – which is required by the PCI Security Council, that is very important to keep in mind. Once you have worked with us on this, you will be PCI DSS compliant for your acquiring bank or banks, you will have access to an experienced consultant who will be sure to eliminate risks and you’ll also have an annual contract for scans and services.

SOMEONE once said that it’s better to be safe than sorry; what would you say to a company who were considering not looking into this in a serious way?

SPECIAL services are required in the ongoing battle against non-compliance, and we do our utmost here as part of theICEway to ensure that all our clients are as well-prepared as they can be. Ultimately, with our solution, you will get a fully Government approved assessor who will be your senior consultant, imparting knowledge that will help you to protect your business, your customers and your staff.

Glossary

DPO – Data Protection Officer; independently responsible for ensuring that a company applies the laws set out within data protection acts (including GDPR).

SAQ – A self-assessment questionnaire.

Top Tip

The experts at CRIBB Cyber Security – Patrick included – are more than happy to offer advice and help, with a wide range of cyber security-related products and services available.