Payment Card Industry (PCI), Electronic Banking Compliance Assessments
The Purpose
Alawy identifies compliance gaps within the regulations governing the banking and financial services industries. Many of our clients come from the financial sector, from banks to Wall Street brokerage houses. We help ensure secure transmission and record keeping of ATM and credit card transaction data. See how our experience can ensure your compliance with the Payment Card Industry (PCI) Data Security Standard used by Visa, Mastercard and other major card companies, and learn about the PCI requirements. We assess policies and practices, not just systems.

Value to You
If you are a bank, we assess your electronic banking security protocols for ATM transactions and for Visa purchases that are linked to a customer's bank account. We help prepare you to meet Visa and Mastercard's PCI credit card requirements. Extend credit card services to clients. Assess transaction procedures, electronic and human. Receive recommendations, including data encryption, public and private keys, and certificates, to secure transmission of sensitive financial data. Protect customers' account data and your reputation.

How We Work
Learn your goals and constraints. Determine where risk is highest. Identify applicable regulations and standards. Interview and review. Conduct hands-on verification. Rank findings by your priorities. Provide cost-benefit analyses. Learn how long a compliance assessment takes.

The Results
A strategy, not just an assessment. Summaries for executives, thorough technical details for IT personnel. Pertinent facts tailored to the groups affected. Recommendations ranked by effectiveness to your business, standards-based to give you confidence, vendor-independent to give you freedom of choice. You come out smarter, not just compliant.

Why Alawy
Our focus is consequences, not just risk. We have provided Enterprise Compliance Assessments for major international banks and brokerage houses in the U.S. Let our high-level experience help you stay competitive. See a list of our clients and project summaries.

Next Steps
To talk with us about security and your business, call (860) 859-3564 (U.S.) or visit the Middle East. You can also submit your inquiry online. Or, see the Security Consulting Services Overview.
The Purpose
An enterprise compliance assessment discovers where your organization fails to adhere to the guidelines that govern your industry. Many of our clients come from the financial sector: banks, brokerage houses and insurance companies included. We offer a variety of assessments that can identify compliance gaps against U.S. and international regulations, specifically within the credit card and financial industries. Many of these regulations are legislated to ensure the secure transmission, handling and storage of sensitive electronic data. This is to warrant that sensitive bank and credit account information, including clients' personal identifying information, is not exposed to theft, misuse or malicious intent.

Remember, you don't have to conduct business over the Internet to be 'online'. If your company stores account and/or transaction information on its internal network, that information IS potentially accessible to the world. It is our business to determine WHO can be granted access and to WHAT information or systems.
Internet Merchants: Payment Card Industry (PCI) Data Security Standard, incorporating the VISA Cardholder Information Security Program (CISP) and the MasterCard Site Data Protection (SDP) program

Financial Institutions: Gramm-Leach-Bliley Act (GLBA); Basel II; Federal Financial Institutions Examinations Council (FFIEC)

International: Personal Information Protection and Electronic Documents Act (PIPEDA); EU Data Directive; UK Data Protection Act
Value to You

Ensure Compliance with Payment Card Industry (PCI) Data Security Standard; Visa CISP and MasterCard SDP

When customers offer their bankcard at the point of sale, over the Internet, on the phone, or through the mail, they want assurance that their account information is safe. When a customer uses his or her credit card to withdraw money, make a purchase, or pay a bill, do you know if the data is being transmitted securely? It doesn't take much knowledge to 'listen in' to electronic financial transactions. If your sessions are not secure and encrypted, then the information passed during a transaction is not secure. Transmitting insecure information opens up the exposed accounts to the risk of fraud and identity theft.

In addition, paper receipts containing full account numbers, transaction amounts or transaction numbers are a liability that you just cannot afford to have.

We offer the Alawy Credit Card Data Security Compliance Service to help you comply with the cardholder information security measures and network security best practices required by Visa, MasterCard and other card issuers. Alawy complies with the Payment Card Industry (PCI) Data Security Standard, which is the result of a collaboration between Visa and MasterCard to create common industry security requirements, created from VISA's CISP and MasterCard's SDP programs. Our assessments keep you in compliance with any credit card association that recognizes the Payment Card Industry (PCI) standards.

What are the PCI requirements?
The PCI Data Security Standard consists of twelve basic requirements and corresponding sub-requirements categorized as follows:

Build and Maintain a Secure Network
- Install and maintain a firewall configuration to protect data
- Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
- Protect stored data
- Encrypt transmission of cardholder data and sensitive information across public networks

Maintain a Vulnerability Management Program
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications

Implement Strong Access Control Measures
- Restrict access to data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data

Regularly Monitor and Test Networks
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes

Maintain an Information Security Policy
- Maintain a policy that addresses information security
We offer a range of credit card data security compliance assessments:
- For large businesses, our team of certified security professionals conducts an on-site assessment.
- For smaller businesses, we offer an online compliance program.
Secure Transactions and Record Keeping Practices at Automatic Teller Machines (ATMs)

Protect your customers' account data and sensitive banking information, such as transaction number, machine number, and account numbers. When a customer uses his or her ATM card at an Automatic Teller Machine to withdraw money, to check account balances or to perform some other transaction, do you know if the data is being transmitted securely? If your ATM sessions are not secure and the information passed during a transaction is not secure, you could be opening up your accounts to fraud and identity theft.

Alawy's ATM Transaction Security Assessment also looks at the paper trail left by ATMs, and assesses the information security of paper receipts and transaction records. When a customer discards their transaction receipt, are they leaving sensitive bank information for a thief to pick up? Make sure that your ATMs don't print these sensitive items:
- Account Number
- Machine Number
- Confirmation Number
- Transaction Number
- Account Type
- Amount of Transaction
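One practical check for the receipt and record-keeping point above, added here as an illustration and not code from Alawy or the PCI standard: a small Python scanner that finds Luhn-valid card numbers printed in full in receipt text or transaction logs, while ignoring properly masked numbers and reference numbers that merely look like card numbers. The receipt samples and the candidate-number pattern are constructed for this example.

```python
import re

# Candidate card numbers: 13 to 19 digits, optionally separated by spaces or
# dashes, not embedded in a longer digit run. (Constructed for this example.)
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True when the digit string passes the Luhn check-digit test."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_unmasked_pans(text: str) -> list:
    """Return every Luhn-valid card number that appears in full in `text`."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def mask_pan(digits: str) -> str:
    """Keep only the first six and last four digits, the masking PCI DSS permits."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


# Constructed receipt samples: one leaks a full PAN, one is masked, and one
# carries a reference number that looks like a PAN but fails the Luhn check.
RECEIPTS = {
    "leaky": "ATM 0042  ACCT 4111111111111111  WITHDRAWAL 200.00  TXN 8812",
    "masked": "ATM 0042  ACCT 411111******1111  WITHDRAWAL 200.00",
    "noise": "REF 1234567890123  BALANCE INQUIRY",
}


def audit(receipts: dict) -> dict:
    """Map each receipt name to the list of full PANs it exposes."""
    return {name: find_unmasked_pans(body) for name, body in receipts.items()}


if __name__ == "__main__":
    for name, pans in audit(RECEIPTS).items():
        # Report exposures in masked form so the audit output itself is safe to keep.
        status = "EXPOSED " + ", ".join(mask_pan(p) for p in pans) if pans else "ok"
        print(f"{name}: {status}")
```

The same scan can be pointed at exported receipt templates, journal logs or database dumps, since the PCI requirement to protect stored data applies to every copy of the PAN, not only the one printed at the machine.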
Help You Pass Your Audit: Include Policies and Practices

We're careful to assess gaps in your policies and practices, not just in your systems. Passing your audit is essential. But the solutions that enable you to achieve compliance also need to advance your business goals. They also need to fit your budget and the resources you have to implement them.

With that in mind, we analyze the information we collect to:
- Help you define your compliance objectives
- Identify the improvements you need to make to pass your audit
- Recommend improvements that weigh benefits against cost
- Tailor our recommendations to your business goals
- Develop a strategy that evolves as regulations change

If your organization is a publicly traded company, you are required to certify that your electronic transactions and sensitive business information, whether conducted over the Internet or stored on your local corporate intranet, are transacted, handled and stored on a secure IT infrastructure. Your business processes for handling such information must also be authenticated. For example, do your employees handle, use, and discard/delete sensitive data securely? Do they share passwords? Is information security awareness ingrained in your corporate culture? View our Policy, Practices & Personnel Services section to learn how Alawy can help you build information security into your company's culture and develop policies and standards to promote information security.
How We Work
- We learn your goals and constraints. We meet with key personnel to understand:
  • Your business goals
  • The money and staff members you can devote to fixing compliance problems
- We determine where compliance is needed. We meet with key members of your team to understand your security objective and the areas where you want us to focus our assessment.
- We identify essential regulations and standards. To clarify your security objectives, we identify the government regulations and industry standards that are essential in your industry.
- We scrutinize your security, hands on and in depth. We focus on these key areas:
  Disaster Recovery & Business Continuity Solutions
  • Disaster preparedness & business resumption plans
  Incident Response and Forensics Services
  • Incident management
  Technical Security Assessments
  • Technical security controls
  • Physical and environmental controls
  • Vulnerability management
  • Virus protection
  • Information classification and management
  Security Policy and Program Services
  • Security policies and practices
  • Risk management and governance
  • Personnel security controls
  • Security and privacy management
  • Security awareness and training
- We rank our recommendations by effectiveness and cost. We rank our recommendations by how effectively they advance your business goals. We also rate each recommendation by its cost-effectiveness and by how easy it is to implement.
How Long It Takes
An assessment can take as little as a month if you're a small company or if we're evaluating a discrete program. It can take as long as six months to evaluate your entire organization.

The Results

A Strategy
You get a strategy for improvement, not just a pass-or-fail audit. We identify what you need to do immediately and your targets for six months out. We map out a plan for one and two years out. We also help you track changes in your plan and assess its long-term effectiveness.

Tailored Communications
We tailor our recommendations to speak clearly and effectively to the people they affect: your CISO, your legal counsel, your auditors, and your Finance, HR, and IT departments. We provide executive summaries for decision makers and the specialized details that give your technical staff the information they need to fix the problems we uncover.

Tailored Recommendations Ranked by Cost and Effort
We know everyone has a limited security budget. We identify the compliance improvements that are best for your business and rank our recommendations accordingly. We help you prioritize your spending: we do a cost-benefit analysis of each recommendation and identify which are easiest and least expensive and will produce the most effective results.

Industry-Standard and Vendor-Independent Recommendations
Our recommendations are standards-based to give you confidence that you're benefiting from the most up-to-date thinking in the industry. Our recommendations are also vendor-independent to give you the freedom to implement the solution that suits you best.

You Come Out Smarter, Not Just Stronger
When we're onsite performing services, we make a point of working with your staff to make sure they know everything we discover. We work to help them become a better security staff and to build better security awareness into your organization's culture.
Why Alawy?
Alawy has worked to secure the networks of Fortune 500 companies in the financial, energy, insurance, media and consumer goods sectors in the United States. A significant amount of this experience has been within the financial services and banking sectors, assessing infrastructure security and architecting and deploying secure solutions. We participate in the FBI's InfraGard as advisers in threat and security matters.

Our security consultants are software engineers trained in information security. They understand systems architecture. They see the whole picture. We're not a software company limited to our own line of products. We provide our clients with the solution that best fits their business and budget needs. We do not cater to a "one size fits all" approach. Our focus is on protecting the sensitive information you are trusted to safeguard, information belonging to your business and your clients, from malicious theft or careless mishandling.

Security isn't just about security; it's about your business. We focus on providing solutions tailored to your corporate goals and the real threats you face. Read about Our Approach, the foundation for all our work.

Focus on your business:
- We help you stay competitive. We use our knowledge and experience to benchmark your risk against your industry.
- We value actions by their consequences. Our focus is consequences, not just risk.
- We focus on our relationship with our customers. Our goal is to be your trusted security advisor.
- We provide recommendations that are vendor-independent to give you the freedom to implement the solution that suits you best.
- We help you stay competitive. Our business is security, not just consulting.

Focus on our experience:
- We have a wide variety of clients in a broad range of industries. That exposes us to the need for many different architectures, designs, and solutions.
- Our consultants are IT security professionals who've worked with Fortune 500 companies or in the financial, energy, insurance, media and consumer goods industries.
- Our team of consultants is made up of Certified Information System Security Professionals (CISSPs).