Any organization that processes, transmits or stores payment card information should conduct PCI-DSS security technical audits. That is why financial entities, e-commerce platforms or applications that manage payments must perform these technical audits to adapt to the standard on a regular basis.
In addition, the infrastructure subject to PCIDSS should be reviewed exceptionally when it undergoes significant changes.
Tarlogic performs scans of internal and external vulnerabilities on PCI infrastructure using certified scanning providers (ASV) and provides technical advice to correct the identified weaknesses.
Quarterly PCI DSS Audit – ASV
PCI requires quarterly audits of the infrastructure. These quarterly security reviews shall comply with defined modalities:
- External review using ASV: Security audit of systems exposed to the Internet where PCI applies. This audit includes web applications (e-commerce portals, transactional webs, ..) and security revision of the services associated to the IP addresses of the infrastructure. Tarlogic uses ASV solutions (approved scan providers) authorized by PCI.
- Internal review: Internal audit of the system, reviewing security of services, patches and security mechanisms deployed.
Annual Penetration Test
On an yearly basis, or after a change on the infrastructure that supports payment management and card processing, it is required to perform a penetration test with a broader scope.
The penetration test is performed according to the guidelines of the NIST 800-115 standard, encompasses the following area:
- PCI external security test: Performed with temporary exceptions in the perimeter security elements to adequately analyze the security level of computer systems.
- Internal security test PCI: Carried out from different network segments with different levels of privileges (vlanes or wireless networks) on internal systems.
- PCI WiFi Test: Identifying and geolocating any WiFi emission devices in the perimeter of the organization and the data center where the systems compliant to PCIDSS reside.
Get in touch with Tarlogic to audit your PCI infrastructure and protect your business applications.