PCI DSS: the shield to protect against bank data leaks
XMCO supports you in your PCI DSS certification project by providing you with a set of tools and advice.
1 – Context gathering
2 – Awareness
3 – Meeting
4 – Findings
The GRC team supports you in this challenge
The team monitors compliance actions on a daily basis and helps you draft the mandatory documents
Monitoring of compliance actions on a daily basis
XMCO can intervene throughout the compliance process to:
• Track the progress of the remediation workstreams
• Answer the key questions that shape the compliance approach
• Explain and clarify certain requirements in plain terms
• Guide and validate technical and organizational changes
• Contact your bank to summarize the actions in progress
• Perform technical checks (PANBuster, configuration review, etc.)
Awareness and training of your teams
XMCO can also work with your teams to raise their awareness of the challenges of the PCI DSS standard, and to train developers in secure development methods. This training aims to give you the keys to secure development practices that meet the 6.5.x requirements of the standard (XSS, SQL injection, error handling, etc.).
Internal and external penetration tests
XMCO offers to carry out the external and internal penetration tests required by the PCI DSS standard (11.3.x requirements). These tests are conducted in black-box and grey-box mode to simulate the different types of populations with access to the environment (unauthenticated attacker on the Internet, external client, internal employee, platform administrator).
Segmentation test
The objective is to demonstrate the effectiveness of the isolation and filtering mechanism(s) put in place to separate the CDE (Cardholder Data Environment) equipment from other internal networks. We carry out these tests from different locations (outside the CDE, from the servers connected to the CDE, from the administrators' VLAN, etc.).
Documentation writing
We offer assistance in drafting the expected documentation so that it can be presented during the certification audit.
On to the last step: certification
Our team uses its own tools to best support our customers.
• Fgraph: audit of network flows
• Portail PCI: workflow for monitoring actions and non-conformities
• PANBuster: finding card number leaks
• Snap: audit of system configurations (Linux, Windows, etc.)
You are in good hands
XMCO certifies over 45 companies every year
Any questions?
What types of companies can you help?
Thanks to its expertise and pragmatic vision, XMCO has gained the trust of many players in all areas: Payment Service Providers (PSP), Hosting and outsourcing providers, E-payment gateways, Call centers, e-merchants, Online games, Retail, Travel operators, SaaS software, GDS
Can you help me define my scope?
Of course. Through a gap analysis, we will define the certification scope with you, and we will do our best to reduce it as much as possible.