News & Events
SPEAKING ENGAGEMENT
Jun. 10, 2009
PCS 2009 Annual User Group Meeting
Boulders Conference Center
Denison, Iowa
Sign Up
FREE TRIAL OFFER
See how your network measures up to the PCI Data Security Standard.
Contact DRG
1710 S. Amphlett Blvd.,
Suite 112
San Mateo, CA 94402
Phone: 650.638.3350
Email: info@drgsf.com
Our Mission

To help organizations successfully maneuver through the complex and changing security challenges and compliance requirements of the industry sectors we serve.
 
PCI Compliance

Merchants, Service Providers, Point-of-Sale Providers and Acquiring Institutions from around the world depend on DRG to help them successfully minimize security risks and comply with Payment Card Industry requirements.
 
Onsite Assessments: DRG provides onsite security assessments and PCI validation services for Merchants and Service Providers to meet their initial and annual PCI compliance requirements.
Remediation: DRG's depth of experience, paired with its comprehensive remediation services offering, helps companies implement effective risk reduction programs.
Network Scans: DRG's fully automated vulnerability scanning service, SecureScan, provides merchants and service providers with a simple and cost-effective way to identify and remediate perimeter vulnerabilities as required by PCI DSS.
PA-DSS Validation: By providing security testing and documentation review services for payment application software developers, DRG helps to ensure POS applications comply with PCI requirements.
Penetration Testing: In accordance with PCI DSS requirement 11.3, DRG provides annual services utilizing a comprehensive set of tools for network and application layer penetration tests.
PIN Security: DRG provides PIN security audits that meet the Visa PIN and ATM network TG-3 requirements. DRG's security expertise can guide customers in the secure management, processing and transmission of Personal Identification Number (PIN) data during online and offline payment card transaction processing at ATMs and at attended and unattended point of sale (POS) terminals.

DRG is approved by the PCI Security Standards Council (SSC) as a Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV) and Payment Application - Qualified Security Assessor (PA-QSA).
 
Announcements
PA-DSS replaces PABP
Effective October 1, 2008, the PCI SSC takes over the payment application security validation process under the Payment Applications - Data Security Standard (PA-DSS). Software developers who want to ensure their applications are developed in accordance with the best security practices to protect their merchants should be aware of the importance of PA-DSS. DRG has been a Qualified Payment Applications Security Company (QPASC) under the current Visa PABP program since 2005, and has recently applied to be credentialed as a PA-QSA.

To learn more about the PA-DSS program, please contact your DRG security consultant or email us at pci@drgsf.com.
WAF or Code Review Required June 30th
On June 30, 2008, PCI Data Security Standard (DSS) Requirement 6.6 becomes effective, requiring that all web-facing applications be protected against known attacks by either of the following methods:

• Having all custom application code reviewed for common vulnerabilities by an organization that specializes in application security.
• Installing an application-layer firewall in front of web-facing applications.

For more information on how your company can meet this new requirement, contact your DRG security consultant or email us at pci@drgsf.com.
UPDATED SAQ
February 6, 2008
PCI SSC announces updated SAQ for merchants and service providers. Understand the impacts to your business.
©2002-2008 Digital Resources Group. All Rights Reserved.