Learn about Zeguro's new Cyber Safety platform features and how you can use our solutions to meet certain PCI DSS requirements.
The Payment Card Industry Data Security Standard (PCI DSS) includes policies and procedures designed to ensure the security of credit, debit, and cash card transactions and protect against the misuse of cardholder information. While larger companies may have a staff of experts helping them navigate the requirements, FinTech startups and other smaller financial organizations with limited resources may need help. For these companies, Zeguro has very good news.
Yesterday, we launched a new set of Monitoring features in our Cyber Safety platform to address additional PCI DSS requirements. The new features provide an easy and effective way to comply with the standard by automating scanning and integrating it into your development and continuous integration and continuous deployment (CI/CD) processes.
PCI DSS requires that any applications you use to process cardholder data be scanned for common software-based vulnerabilities. Zeguro’s Web App Vulnerability Scanner can help you identify these vulnerabilities in your web applications on a routine basis (at least monthly is our recommendation) and highlight those that are specifically required for DSS compliance. These include the use of insecure encryption protocols such as TLS 1.0 or SSLv3, as well as common web app flaws like XSS or CSRF.
The results of these scans give you a prioritized to-do list of vulnerabilities, evidence showing where each vulnerability exists, and a set of suggested fixes that can help you remediate them before attackers find them — all in language your developers can understand, which speeds the time to fix.
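To make the "integrate scanning into CI/CD" idea concrete, here is an added example (not Zeguro's product code, and not the scanner's real output format) of how a team might turn scan results into a prioritized to-do list and a pipeline gate. The finding dictionaries, their `category` names, and the sample nginx `ssl_protocols` configuration are all constructed for this illustration; the gate treats the categories the post names as DSS-relevant (deprecated TLS/SSL, XSS, CSRF) as blocking and lists everything else afterwards.

```python
import re
from typing import Dict, List, Tuple

# Protocol versions that count as insecure for PCI DSS purposes. SSLv3 and
# TLS 1.0 are the examples named in the post; SSLv2 and TLS 1.1 are included
# because they are deprecated for the same reasons.
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Finding categories the post calls out as required for DSS compliance.
# The category names themselves are an assumption of this example.
PCI_RELEVANT_CATEGORIES = {"deprecated-tls", "xss", "csrf"}

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}

# Matches nginx "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;" directives.
_SSL_PROTOCOLS_RE = re.compile(r"^\s*ssl_protocols\s+([^;]+);", re.MULTILINE)


def audit_ssl_protocols(nginx_conf: str) -> List[str]:
    """Return the deprecated protocols enabled by any ssl_protocols directive."""
    found: List[str] = []
    for match in _SSL_PROTOCOLS_RE.finditer(nginx_conf):
        for proto in match.group(1).split():
            if proto in DEPRECATED_PROTOCOLS and proto not in found:
                found.append(proto)
    return found


def prioritize_findings(findings: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Order findings: PCI-relevant first, then by severity, then by URL."""
    return sorted(
        findings,
        key=lambda f: (
            f["category"] not in PCI_RELEVANT_CATEGORIES,   # False sorts first
            SEVERITY_RANK.get(f["severity"], len(SEVERITY_RANK)),
            f["url"],
        ),
    )


def pci_gate(findings: List[Dict[str, str]],
             nginx_conf: str) -> Tuple[bool, List[Dict[str, str]]]:
    """Decide whether a CI stage should pass.

    Returns (passed, blocking) where blocking holds every DSS-relevant scanner
    finding plus one synthetic finding per deprecated protocol in the config.
    """
    blocking = [f for f in prioritize_findings(findings)
                if f["category"] in PCI_RELEVANT_CATEGORIES]
    for proto in audit_ssl_protocols(nginx_conf):
        blocking.append({
            "id": f"TLS-{proto}",
            "category": "deprecated-tls",
            "severity": "high",
            "url": "nginx.conf",
            "fix": f"Remove {proto} from ssl_protocols; keep TLSv1.2 and TLSv1.3.",
        })
    return len(blocking) == 0, blocking


# Constructed sample input: what a scanner export might look like.
SAMPLE_FINDINGS = [
    {"id": "F-1", "category": "missing-header", "severity": "low",
     "url": "https://shop.example/checkout", "fix": "Add X-Content-Type-Options."},
    {"id": "F-2", "category": "xss", "severity": "high",
     "url": "https://shop.example/search", "fix": "Encode the q parameter on output."},
    {"id": "F-3", "category": "csrf", "severity": "medium",
     "url": "https://shop.example/account", "fix": "Require a per-session CSRF token."},
    {"id": "F-4", "category": "outdated-js", "severity": "medium",
     "url": "https://shop.example/", "fix": "Upgrade the bundled library."},
]

# Constructed sample config: one server block still allows TLS 1.0 and 1.1.
SAMPLE_NGINX_CONF = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
}
server {
    listen 8443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
}
"""

if __name__ == "__main__":
    passed, blocking = pci_gate(SAMPLE_FINDINGS, SAMPLE_NGINX_CONF)
    for f in prioritize_findings(SAMPLE_FINDINGS) + blocking[len(blocking) - 2:]:
        print(f"[{f['severity']:<8}] {f['id']:<10} {f['url']}: {f['fix']}")
    raise SystemExit(0 if passed else 1)
```

Wiring `pci_gate` into a pipeline step means a pull request that reintroduces TLS 1.0 or an XSS finding fails the build, while lower-priority items still appear on the developer's list without blocking the release.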
Beyond internal vulnerability scanning, PCI DSS requires your organization to have a penetration testing plan that covers the Cardholder Data Environment (on top of scans such as the quarterly external vulnerability scan, which must be conducted by an Approved Scanning Vendor).
Zeguro’s partnership with Cobalt gives you access to high-quality pentesting talent and direct collaboration with the testers to identify suggested fixes for any vulnerabilities found. For more information, check out Cobalt’s PCI pentesting information here.
Since PCI DSS fines can range anywhere from $5,000 to $100,000, investing in high-quality, easy-to-use scanning and penetration testing is well worth it: it builds ongoing security best practices into your development processes. If all else fails, Zeguro cyber insurance can help offset PCI DSS compliance penalties and fines. Read more about our cyber coverages here.