PCI DSS Security Audit - PCI Infrastructure Security Reviews
Performing technical audits to adapt to PCI DSS payment regulations

The PCI DSS Security Audit is a mandatory requirement established by the PCI standard, in its section 11.3. Through the PCI DSS technical audit, the Tarlogic cybersecurity team verifies the adequacy of the technical security controls that secure the processing of payment data.

Any organization that processes, transmits or stores payment card information should conduct PCI DSS technical security audits. That is why financial entities, e-commerce platforms and applications that manage payments must perform these technical audits on a regular basis to adapt to the standard.

In addition, the infrastructure subject to PCI DSS should receive an exceptional review whenever it undergoes significant changes.

Tarlogic performs internal and external vulnerability scans on PCI infrastructure using certified scanning providers (ASV) and provides technical advice to correct the identified weaknesses.

1. Quarterly PCI DSS Audit – ASV

PCI requires quarterly audits of the infrastructure. These quarterly security reviews take the following forms:

  • External review using ASV: Security audit of the Internet-exposed systems to which PCI applies. This audit covers web applications (e-commerce portals, transactional websites, etc.) and a security review of the services associated with the IP addresses of the infrastructure. Tarlogic uses ASV solutions (approved scan providers) authorized by PCI.
  • Internal review: Internal audit of the system, reviewing the security of services, patches and deployed security mechanisms.

2. Annual Penetration Test

On a yearly basis, or after a change to the infrastructure that supports payment management and card processing, a penetration test with a broader scope is required.
The penetration test is performed according to the guidelines of the NIST 800-115 standard and encompasses the following areas:

  • PCI external security test: Performed with temporary exceptions in the perimeter security elements in order to adequately analyze the security level of the computer systems.
  • PCI internal security test: Carried out against internal systems from different network segments with different levels of privileges (VLANs or wireless networks).
  • PCI WiFi test: Identifying and geolocating any WiFi-emitting devices in the perimeter of the organization and the data center where the systems compliant with PCI DSS reside.

Get in touch with Tarlogic to audit your PCI infrastructure and protect your business applications.