PCI DSS stands for Payment Card Industry Data Security Standard. It is an information security standard established by 6 major card companies: Visa, MasterCard, American Express, Discover, JCB, and UnionPay. Its purpose is to help organizations, companies, and businesses that accept credit card payments prevent fraud arising from credit card transactions by setting controls for how card data is stored, processed, and transmitted. Credit card brands other than these 6 are not covered by the PCI DSS standard. The standard is governed by the Payment Card Industry Security Standards Council.
Compliance with this standard is assessed every year by an independent auditor, a Qualified Security Assessor (QSA).
✪ Ref: www.omise.co
Why is PCI DSS important to you?
The purpose of PCI DSS is to protect card data from attackers and perpetrators. By meeting the PCI DSS requirements you keep your data secure, avoid costly data breaches, and protect your employees and your customers.
THE KEY STRENGTH OF BBSEC
- Language support: English / Japanese / Korean / Thai
- PCI DSS market: Korea No.1, Japan No.3
- Consulting know-how
- Market experience in Southeast Asia
- Centralized assessment back data
- Various enterprise-level assessment experience
BBSEC PROFESSIONAL RESOURCES (number of certified staff)
- CISSP: 18
- CISA: 22
- CGEIT: 1
- CRISC: 1
- CISM: 11
- CPSA: 4
- QSA: 31
- 3DS: 2
- AQSA: 6
- P2PE: 2
- GCFA: 2
- GCIH: 1
- GCFE: 2
PCI DSS Compliance Process
1. Gap Analysis
- Document review
- Manager interview
- PAN data flow check
- Report based on the analysis
2. Scoping & Structuring
- Scoping the assessment area
- System improvement
- Process and policy improvement
- Review and update documents
3. On-site Assessment
- On-site assessments
- ROC (Report on Compliance)
- AOC (Attestation of Compliance)
4. PCI DSS Certification
- PCI DSS compliance, and practices to maintain the process in accordance with the standard until the next audit
PCI CPSA
Card Production Security Assessors (CPSAs) are security organizations qualified by the Council to validate an entity's adherence to the PCI SSC card production security standards.
The PCI CPSA assessment process
The Card Production Logical Security and/or Physical Security Standards cover the systems, business processes, and activities associated with card production and provisioning.
CP SECURITY ASSESSMENT COVERAGE
- Card manufacturing
- Chip embedding
- Personalization
- Fulfillment
- Mailing
- Packaging
- Shipping
- Storage
- PIN printing
- HCE
The assessment process
PREPARATION
- Physical / Logical environment inspection
- Preparation and defining the scope
- Brand compliance verification
- Current ROC check and schedule adjustment
ASSESSMENT
- On-site assessment
- Standard documentation process
- Compliance list check
- Assessment report
SUBMISSION
- ROC & AOC report
- Report quality guaranteed by QA team
- Submit document
SWIFT is a global membership association of financial institutions that enables international settlement. SWIFT provides a financial messaging format standard and a messaging platform, currently used by more than 11,000 entities in more than 200 countries and territories.
The SWIFT system can carry more than 40 million messages per day and supports multi-trillion dollar money transfers, both between businesses and between the governments of each country.
Entities using SWIFT are required to conduct an external or internal assessment annually to ensure they meet the requirements of the SWIFT CSCF (Customer Security Controls Framework). As the first Japanese (domestic) company to be certified as a CSP assessment provider, BBSec uses the know-how it has cultivated so far to support SWIFT CSCF compliance for domestic and overseas business entities.
BBSec is registered in the SWIFT partner program; consultants holding international qualifications such as QSA and CISSP, together with consultants with strong IT skills, will support your compliance. The scope of the compliance work is as follows.
SWIFT ASSESSMENT PROCESS
ONSITE ASSESSMENT
Check the configuration of the SWIFT infrastructure and network:
- Confirm the SWIFT assessment scope
- Interview staff, check documents and devices
- Check that each required control is satisfied
LIST REMEDIATION
After the assessment, if the SWIFT CSCF is satisfied, the result is OK; otherwise:
- Remediation is required where controls are not satisfied
- The client carries out the remediation action, then it is confirmed
- A SWIFT external assessment report is issued
SWIFT REVIEW SUPPORT
If additional action is required on the external report:
- Verify the required control again
- This must be completed within 6 months after the assessment
- Notify the result to the client and to SWIFT