PCI QSA Services
What atsec offers
atsec (Beijing) Information Technology Co., Ltd (“atsec China” for short) is accredited as a Qualified Security Assessor (QSA) by the Payment Card Industry (PCI) Security Standards Council (SSC). Currently atsec China provides the PCI QSA service for the following markets: Canada, Europe, USA, and Asia Pacific.
As an accredited QSA, atsec China performs PCI on-site security assessments for merchants, banks, and service providers—including third party processors and data storage entities—who process credit card transactions.
The PCI Data Security Standard (DSS) is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, physical security and other critical protective measures.
The PCI SSC has assumed responsibility for the QSA program previously operated separately by Visa as the Cardholder Information Security Program (CISP) or Account Information Security (AIS).
Why our services are important to you
For level 1 merchants, service providers and others, an annual audit by a QSA is mandatory.
The five founding members (American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International) have adopted the PCI DSS as the technical standard for their data security compliance programs. Each founding member recognizes the QSAs certified by the PCI SSC as qualified to validate compliance to the PCI DSS.
PCI Consulting Services
What atsec offers
atsec offers a full range of consulting services to support your organization in achieving mandatory compliance with the PCI DSS. Our consultants have detailed and expert experience in each of the twelve requirement areas and can help you develop policies and procedures, and also assess your compliance with the standard in the following areas.
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security
Why our services are important to you
Credit card information theft is on the rise. Credit card companies want to reduce their losses, and customers want their personal data to be protected. Regardless of whether your organization is required by the card brands to complete a formal audit, if you handle credit card transactions, then you must comply with the PCI DSS and complete self-assessments or QSA assessments. In establishing the PCI SSC, the major credit card companies have signaled that they intend to follow a common standard, requiring compliance based on the common set of security requirements defined in the PCI DSS.
For more information
For more information about this service, please contact us at info_cn@atsec.com.