Managed PCI Compliance Service

Take your PCI Compliance to the next level so your business doesn't appear in the headlines.  MJJT Consultants offer services that guide you to meet the requirements of being PCI compliant.

These are the essential requirements of the PCI DSS

The specific measures necessary to secure these elements depend on factors such as how the business processes card payments and whether it accepts payments online. The PCI council identifies these quick steps as necessary for most businesses to meet PCI compliance standards.

Install and maintain a Firewall configuration to protect cardholder data

A router is needed to join multiple networks together. A firewall keeps people outside of your network from breaking into personal areas.

Do not use vendor-supplied defaults for system passwords and other security parameters 

Hackers can use a list of default passwords to attack your system. If you don't want to be vulnerable to exploits, change the default settings and passwords as soon as you can.

Compliance/Training

In most cases, businesses do not safely protect Personally Identifiable Information (PII). With many newly enacted laws, you might be responsible for any damages and fines caused by not complying and/or leaving your business vulnerable.

The biggest vulnerability in business is humans. Humans make mistakes, and training makes them aware of those mistakes, which saves time, reduces errors, and protects your business.

Protect stored cardholder data

The data on the card should never be put into storage.  Anything that does get stored should be immediately encrypted. 

Encrypt transmission of cardholder data across open, public networks

Whenever transmitting cardholder data across open, public networks, make sure to use strong encryption for both authentication and data transmission.

Protect all systems against malware and regularly update antivirus software or programs

There are plenty of ways that a business can be maliciously attacked.  Most attacks are done through email or web browsing.  Antivirus and anti-malware programs help with detecting unknown malicious software.  

Develop and maintain secure systems and applications

If your system has weak security, it will be exposed to multiple threats. To prevent any critical threats, updates should be done regularly because they help solve problems.

Restrict access to cardholder data by business need to know

When dealing with cardholder data, employees get only the privileges and the amount of data needed to conduct their projects. Zero trust should be integrated into any access control system.

Identify and authenticate access to system components

Everyone who has access to a critical system should have a unique user ID.  Their activities should be tracked so that they can be monitored and verified.  

Restrict physical access to cardholder data

Physical access to stored data could lead to opportunities for theft. To be PCI compliant and meet compliant hosting requirements, physical access to the data should always be restricted.

Track and monitor all access to network resources and cardholder data

Tracking and monitoring all access to network resources and cardholder data not only helps you avoid being vulnerable but also lets you know where and how suspicious activities are occurring.

Regularly test security systems and processes

Security systems have to be tested as often as possible. By doing so, your system will be more secure in the long term.

Maintain a policy that addresses information security for all personnel

All personnel should know their jobs and responsibilities. They should all be aware of suspicious activities and well-equipped to prevent them.