PCI DSS Certification. Fast and easy security compliance

Transcription

1 PCI DSS Certification Fast and easy security compliance InfoPulse A part of the Partner Nordic IT group EVRY

2 Company brief BMS Consulting is established as IT system integrator since 1997 Leading positons in Eastern Europe country Product portfolio IT Security Clouds, Migration and IT Support Business software development Internal processes are certified according to the quility requirements of ISO 9001 international standard 60+ technology partners around the world Our honorable clients: 80+ certified engeneers and consultants 500+ projects in government, industry, banking and telecom sectors InfoPulse A part of the Partner Nordic IT group EVRY

3 200+ Employees 60+ Vendors InfoPulse A part of thepartner Nordic IT group EVRY

4 PCI DSS Certification Brif description PCI DSS is an international standard on securing payment cardholders data which is established and controlled by VISA, MasterCard, JCB, Discover and AmEx. Consists of 12 high-level requirements which drills-down to more than 200 control procedures. Each company that is subject to compliance is obliged to pass annual certification audit and provide Report of Compliance and Attestation of Compliance. BMS Consulting is Qualified Security Assessor and Approved Scanning Vendor and can provide full set of services related to PCI DSS Compliance in Europe (EU and non-eu), Middle East and Africa. BMS Consulting benefits 7 years of experience Multilingual team 100 technical professionals in Cybersecurity, Databases, IT infrastructure, Business Applications and processes. Full set of related services: Security policies development Penetration testing Vulnerability assessments WiFi assessment Web applications assessment IT integration and support Detailed reporting, recommendations and support for remediation All recommendations are based on leading solutions as well as opensource options Who will need it Banks: Acquirers Card issuers Card Processors Third-party payment card processors Service providers: Datacenters Payment gateways Data storage services InfoPulse Partner Merchants that accept cards A part of the Nordic IT group EVRY Stores, gasoline stations, hotels, restaurants Any business that rely on payment card transactions

5 PCI DSS Certification Process Consulting support Pre-audit (onsite assessment) Vulnerability assessments (ASV scanning, internal scanning, Wi-Fi scanning) Certification audit (onsite assessment) PCI DSS CERTIFICATION Penetration tests Remediation (Project Portfolio, Remediation Plan/Actions) Documentation design InfoPulse A part of the Partner Nordic IT group EVRY

6 PCI DSS Value Project Results Report on preliminary audit Remediation implementation plan PCI DSS Security Policies and Procedures pack Reports on mandatory activities ASV scan (quarterly) Internal Vulnerability scan(quarterly) Internal and External Penetration test (annually) Wifi Scan (quarterly) Web Vulnerabilities Scan (quarterly) Report of Compliance Attestation of Compliance Certificate of Compliance Pricing Simple preliminary audit (less than 5 sites) EUR Simple certification audit (less than 5 sites) EUR Additional sites (per site) EUR Security Policies and Procedures pack EUR Additional services (price per year for 100 IP objects scanned): ASV scan EUR Internal Vulnerability scan EUR Internal and External Penetration test EUR Wifi Scan EUR Web Vulnerabilities Scan EUR InfoPulse A part of the Partner Nordic IT group EVRY

7 GlobalMoney About customer GlobalMoney international payment system, which is legally working with electronic money. Global Money offers convenient cheap payment methods for mobile communication, Internet, utility and other services. Payment within the system no commissions for regular users. For input and output of money from the system the lowest commission in Ukraine. Client can pay bills using the Internet access as well as trough network of partners. Problem solved To operate as global provider of electronic money and offer it s customers services based on payment cards GlobalMoney were required to successfully pass PCI DSS Certification. Compliance is crucial for company s business. Top management of the company understood that client s data security is very important factor that directly influence their market reputation and client s trust. GlobalMoney chose BMS Consulting QSA team as main auditor through open tendering procedure. Our solution BMS Consulting offered full scope of services to acomplish PCI DSS compliance: Preliminary audit Remediation planning and implementation Penetration testing ASV and internal vulnerability scan WiFi scan Documentation development and implementation of security controls Certification audit Thank to BMS Consulting support GlobalMoney confirms PCI DSS compliance 5th year in a row. Reference We appreciate BMS Consulting for demonstrating high level of competence and expertise during project realization and we hope for successfull cooperation in future, InfoPulse Partner A part of the Nordic IT group EVRY Eugen Tyutyun, General Manager

8 UniCreditBank About customer UniCredit Bank is one of the largest multifunctional banks of Ukraine, offering its clients a full range of actual services in both individuals and corporate clients segment. The widespread network of UniCredit Bank consists of 435 branches. Bank staff consists of the best specialists at the country s market and totals employees (as for 01 December 2013). Problem solved UniCreditBank as one of largests card acquiring and issuuuing banks in country has received the requirement of PCI DSS compliance form VISA in Sience then bank started it s PCI DSS compliance program and during has changed several Qualified Security Assessors trying to complete its infrastructure assessment in most effective way. BMS Consulting started its work as QSA in 2009 and in three years due to joint efforts of bank and BMS Consulting team in 2012 bank received Certificate of compliance. Our solution BMS Consulting offered full scope of services to acomplish PCI DSS compliance: Preliminary audit Scoping and Sampling Remediation planning and implementation Penetration testing ASV and internal vulnerability scan WiFi scan Documentation development and implementation of security controls Certification audit Reference Success of this project become possible due to the use by auditors and consultants flexible and proven approaches, high competence of the working group, coordinated work and focus on results. V.Korelov, Head of security department InfoPulse Partner A part of the Nordic IT group EVRY

9 Our accreditations Qualified Security Assessor More than 20 PCI DSS Certifications First certificate issued 2009 Top 10 Ukrainian bank hold our certificates Authorized Scanning Vendor Global coverage More than 20 clients on continuous subscription Customer s support and consulting included InfoPulse A part of the Partner Nordic IT group EVRY

10 Our competences and experience Our team Our experience 18 years on the market Success in CyberSecurity projects for more than 13 years PCI DSS QSA since 2009 More than 20 issued certificates 80% certified clients stay with us for more than 3 years BMS Consulting strengths Multilingual team Strong support of IT and CyberSecurity professionals Flexibility Understanding customer needs and challenges Complex approach InfoPulse Partner A part of the Nordic IT group EVRY

11 YOUR COMPANY NAME HERE InfoPulse A part of the Partner Nordic IT group EVRY

12 Thank you for attention! 12