Payment Card Industry Compliance - PCI from VeriSign, Inc.

The Payment Card Industry (PCI) Data Security Standard was created by major credit card companies to safeguard customer information. Visa, MasterCard, American Express, and other credit card associations mandate that merchants and service providers meet certain minimum standards of security when they store, process and transmit cardholder data.

Contact Us

VeriSign was one of the first assessors to conduct PCI onsite audit and scanning services under the Visa Cardholder Information Security Program (CISP) and MasterCard® Site Data Protection (SDP) program. We are an approved vendor of credit card security assessment and certification. Select any one of the services below for more information or contact sales.

Requirements

These solutions help you address PCI standards.

Required Controls	Applies To	How VeriSign Helps
Requires annual assessment for Level 1 (large) merchants, annual penetration testing and application testing Level 1 and 2 service providers.	Merchants, service providers, and banks	Enterprise Consulting Assessments
Requires logging of all access to credit card data.	Credit card processing systems	Firewall Management Service
Requires quarterly scans and annual penetration tests. External scans conducted by an approved vendor. Requires alerts.	Credit card processing systems and network devices	Technical Security Assessments Vulnerability Management Service
Requires host and/or network intrusion detection or prevention.	Credit card transmission networks, processing and storage systems	Intrusion Detection Management Service (IDS)
Requires an appropriately configured and managed firewall.	Firewalls providing access to credit card processing and storage systems	Firewall Management Service
Requires two-factor authentication	Remote access to credit card processing environments	Unified Authentication
Requires 128-bit SSL encryption and effective management of crypto key transmission and storage.	Databases, Web servers and applications that store or process credit card data	Managed PKI for SSL

Best Practices

These solutions address industry best practices that can augment the above required controls.

Key Controls	Applies To	How VeriSign Helps
Applications must be developed appropriately and tested	All credit card processing applications	Security Certification Program Technical Security Assessments
Respond quickly and effectively to incidents	Databases, Web servers and applications	Incident Response and Forensics
Awareness and protection against the latest threats	Credit card transmission networks, processing and storage systems	iDefense Security Intelligence Services

Learn More

Visa Cardholder Information Security Program	Links to Visa Web site for more about PCI compliance requirements as well as the Payment Applications Best Practices program
MasterCard Site Data Protection Program	Links to MasterCard Web site for more about PCI scanning requirements
Enterprise Compliance Solutions for the Payment Card Industry	A review of PCI data security standards and VeriSign PCI compliance solutions for merchants, Levels 1-4