The Green Sheet Online Edition
May 25, 2015 • Issue 15:05:02
Automated pen-testing, PAN scanning
Conformance Technologies, a business compliance management and data protection services company headquartered in Las Vegas, has created the Cyber Attack Readiness ToolKit. The simplified and automated resource is designed to help small and midsize merchants meet a new set of guidelines issued in April 2015 by the PCI Security Standards Council, which mandate penetration and PAN (performance assessment network) testing for this group of merchants, who were previously excluded from the requirement.
Payment Card Industry (PCI) Data Security Standard (DSS) 3.1 Requirement 11.3 clarifies the intent of penetration testing, which, the standard states, is designed to "verify that all out-of-scope systems are segmented (isolated) from systems in the [cardholder data environment] CDE." Merchants of all sizes have been instructed to move away from flawed SSL and TLS protocols and provide exacting detail on how they will update and secure online processing systems.
Conformance Technologies President Darrel Anderson described PCI 3.1 Requirement 11.3 as more prescriptive and specific than previous versions, which can be daunting for small merchants. Anderson pointed out that many small business owners have little understanding of how to comply with the new PCI guidelines, and they lack the means or budget to hire an outside consultant to perform these tests or to do the testing in-house.
Affordable, high quality validation and compliance
"I wanted to give merchants the same high quality compliance report that meets all requirements, passes all standards, where merchants can be tested and validated by an external authority, for considerably less," Anderson said. He and his team of security analysts created a secure and self-directed online portal with clear language and a simplified user interface, he noted.
Merchants can enter relevant data at their own pace, which is then forwarded to Conformance Technologies' security specialists for analysis and validation. This data is manually tested by professional security engineers whose responsibility it is to expose inherent vulnerabilities or threats in merchants' online processing environments.
Compliance resource, educational benefits
According to Conformance Technologies, in addition to helping merchants achieve compliance, the Cyber Attack Readiness ToolKit is an educational resource that simulates cyber attacks that merchants face every day in their real-world processing environments. And understanding the nature of these attacks can help merchants take proactive measures to strengthen and secure their processing systems.
Anderson recommended the Cyber Attack Readiness ToolKit as a resource for ISOs and merchant level salespeople for protecting their merchants, many of whom could lose their businesses in the wake of a security data breach. "That's why putting the Cyber Attack Readiness ToolKit to work is important, not only for these businesses, but for merchant portfolio operators as well," he said.