The Increasing Need for PCI Compliance

The need for online transactions continues to grow and as such, an increasing number of businesses must become PCI compliant. Consumers expect to be able to buy electronically in nearly every capacity from self-serve kiosks and credit-accepting vending machines to cell phones that can be used to purchase items through barcodes and NFC (Near Field Communications) applications. To enable these services, while keeping customer data safe, businesses handling credit card information must adopt more effective data protection measures and readily be able to prove PCI compliance.

PCI-Related Penalties

The penalties for non-compliance range from potential fines of up to $500,000 per incident for security breaches and between $5,000 and $100,000 per month for PCI violations. Banks will pass fines downstream until it eventually hits the non-compliant company. Additionally, banks could increase merchant transaction fees or terminate merchant relationships if a company is non-compliant.

How eEye Helps with PCI Compliance Requirement 6

To meet PCI DSS requirement 6, you must adhere to specific rules around “…developing and maintaining secure systems and applications.” Are you meeting this and other PCI requirements as effectively as possible? For a complete requirement-by-requirement guide, download this whitepaper: Reduce the Cost of PCI Compliance.

eEye simplifies compliance to PCI requirement 6 by identifying all hardware and software vulnerabilities within your network and mapping those weaknesses to the specific control mandates of PCI. This allows you to easily prioritize and mitigate vulnerabilities, as well as report on progress in the exact terminology of PCI DSS.

• Vulnerability Assessment: Non-intrusive, network-based, on-host vulnerability scanning to reduce risks exposed by vulnerabilities, improper configurations, and system/configuration weaknesses.

• Vulnerability Mitigation: Scoring of vulnerabilities by risk, prescriptive remediation, and integrated patch management to save time for resource-strapped security departments.

• PCI Reporting: eEye is a PCI ASV providing both industry-standard PCI reports and advanced trending and delta reports with drilldown capabilities such as PCI Severity by Month, PCI Severity Delta by Month (contains added, removed, and existing vulnerabilities by month), and PCI Scorecard.

Comply with eEye

• Internal Vulnerability Assessment and Management with Retina CS: Centralized Security Management enables a single view of security risk information within the IT environment – across all locations and assets.

• PCI Reporting with eEye's PCI Report Pack: Automated PCI reporting maps vulnerability and configuration audits to PCI requirements to eliminate costly manual processes of extracting raw data into security and compliance reports.

• External Vulnerability Assessment with Retina Cloud: Cloud-based security and compliance services including external Payment Card Industry (PCI) scans that enable you to remain in compliance with the PCI DSS, one of the industry’s most stringent regulations.

eEye is an approved scanning vendor (ASV) by the PCI Standards Council.