Some merchants still believe that their Point-of-Sale (POS) vendor provides all the security they need to be Payment Card Industry Data Security Standard (PCI DSS) compliant. That is an incorrect assumption.
A POS vendor's payment application may be validated against the Payment Application Data Security Standard (PA-DSS), but running a PA-DSS validated application does not make the merchant PCI DSS compliant. PA-DSS covers how the application itself handles cardholder data; PCI DSS covers the merchant's whole cardholder data environment, including the network the POS runs on. What the two have in common is that compliance is ongoing: PCI DSS stresses continuous compliance, not compliance at a single point in time.
One major PCI DSS requirement is quarterly internal vulnerability scanning of the networks inside the cardholder data environment (Requirement 11.2.1). This is separate from the quarterly external scans that an Approved Scanning Vendor (ASV) must perform under Requirement 11.2.2.
SAQ D question 11.2.1.b asks, “Does the quarterly internal scan process include re-scans as needed until all ‘high-risk’ vulnerabilities as defined in PCI DSS Requirement 6.1 are resolved?” and 11.2.1.c asks, “Are quarterly internal scans performed by a qualified internal resource(s) or qualified external third party, and if applicable, does organizational independence of the tester exist (not required to be a QSA or ASV)?”[1]
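Requirement 11.2.1.b describes a loop rather than a single scan: scan, remediate, and re-scan until no high-risk finding remains. The following Python script is an added example, not part of the original post and not Omega's product code; it tracks that loop across one quarterly cycle by comparing the initial scan with each re-scan. The JSON export shape, the host names and the check identifiers are constructed for the example, and the CVSS 7.0 cut-off for "high-risk" is an assumption, since Requirement 6.1 leaves the actual risk ranking to the organization.

```python
"""Track a PCI DSS 11.2.1 quarterly internal scan cycle.

Added example, not Omega's code. The initial quarterly scan is compared
with each re-scan, and the cycle is reported as closed only when no
high-risk finding is still open on any in-scope host.
Assumptions: the JSON export shape is invented, and "high-risk" is taken
as CVSS >= 7.0 (Requirement 6.1 leaves the ranking to the organization).
"""
import json
from dataclasses import dataclass

HIGH_RISK_CVSS = 7.0  # assumption: organization-defined threshold per Req. 6.1


@dataclass(frozen=True)
class Finding:
    host: str
    check: str    # scanner check identifier (hypothetical format)
    cvss: float
    title: str

    @property
    def key(self):
        # The same finding across scans is identified by host and check.
        return (self.host, self.check)

    @property
    def high_risk(self):
        return self.cvss >= HIGH_RISK_CVSS


@dataclass(frozen=True)
class Scan:
    hosts: frozenset   # every host the scanner actually reached
    findings: tuple


def parse_scan(raw):
    """Parse a scanner export (constructed JSON shape) into a Scan."""
    data = json.loads(raw)
    hosts = frozenset(data["scanned_hosts"])
    findings = []
    for r in data["results"]:
        if r["host"] not in hosts:
            raise ValueError(f"finding on {r['host']} but host not listed as scanned")
        findings.append(Finding(r["host"], r["check"], float(r["cvss"]), r["title"]))
    return Scan(hosts, tuple(findings))


def open_high_risk(scan):
    return {f.key: f for f in scan.findings if f.high_risk}


def evaluate_cycle(initial, rescans):
    """Compare the latest re-scan with the initial quarterly scan.

    A high-risk finding counts as resolved only if its host was re-scanned
    and the finding is absent; a host the re-scan skipped keeps all of its
    baseline findings open. New high-risk findings also keep the cycle open.
    """
    latest = rescans[-1] if rescans else initial
    baseline = open_high_risk(initial)
    current = open_high_risk(latest)
    unscanned = {host for host, _ in baseline if host not in latest.hosts}
    remaining = set(current) | {k for k in baseline if k[0] in unscanned}
    return {
        "closed": not remaining,
        "remaining": sorted(remaining),
        "resolved": sorted(set(baseline) - remaining),
        "new": sorted(set(current) - set(baseline)),  # regressions since the first scan
        "unscanned_hosts": sorted(unscanned),
    }


def cycle_status(initial_raw, rescan_raws):
    return evaluate_cycle(parse_scan(initial_raw), [parse_scan(r) for r in rescan_raws])


# Constructed sample exports: one initial scan and two re-scans.
INITIAL = json.dumps({
    "scanned_hosts": ["pos-01", "pos-02", "back-office"],
    "results": [
        {"host": "pos-01", "check": "CHK-1001", "cvss": 9.8, "title": "Unsupported SMB protocol version"},
        {"host": "pos-01", "check": "CHK-2002", "cvss": 5.3, "title": "TLS 1.0 enabled"},
        {"host": "pos-02", "check": "CHK-1001", "cvss": 9.8, "title": "Unsupported SMB protocol version"},
        {"host": "back-office", "check": "CHK-3003", "cvss": 7.5, "title": "Missing OS security patches"},
    ],
})
# First re-scan: pos-01 fixed, pos-02 still open, back-office not reached at all.
RESCAN_1 = json.dumps({
    "scanned_hosts": ["pos-01", "pos-02"],
    "results": [
        {"host": "pos-01", "check": "CHK-2002", "cvss": 5.3, "title": "TLS 1.0 enabled"},
        {"host": "pos-02", "check": "CHK-1001", "cvss": 9.8, "title": "Unsupported SMB protocol version"},
    ],
})
# Second re-scan: all hosts reached, only the medium-risk TLS finding left.
RESCAN_2 = json.dumps({
    "scanned_hosts": ["pos-01", "pos-02", "back-office"],
    "results": [
        {"host": "pos-01", "check": "CHK-2002", "cvss": 5.3, "title": "TLS 1.0 enabled"},
    ],
})

if __name__ == "__main__":
    for n in range(3):
        status = cycle_status(INITIAL, [RESCAN_1, RESCAN_2][:n])
        print(f"after {n} re-scan(s): closed={status['closed']} "
              f"remaining={status['remaining']} unscanned={status['unscanned_hosts']}")
```

Two details matter in practice. A host that the re-scan did not reach is never counted as remediated, which is why the export carries a list of scanned hosts separately from the findings (a clean host produces no findings and would otherwise be indistinguishable from a skipped one). And the cycle stays open if a re-scan surfaces a new high-risk finding, since 11.2.1.b asks for all high-risk vulnerabilities to be resolved, not just the ones from the first scan.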
What is an internal vulnerability scan?
The short answer is that an internal vulnerability scan is an automated scan, run from inside the network perimeter, that identifies known vulnerabilities, missing patches and insecure configurations on the systems in a business's internal network, including POS terminals, back-office servers and network devices. It complements the external scan, which only sees what is exposed to the internet.
The reality is that most IT staff, whether the business is large or small, spend their time on regular day-to-day issues and putting out fires. They do not have time to investigate internal vulnerabilities or work through PCI requirements. This is where a managed security services provider like Omega ATC adds value.
Omega's breakthrough solution, the Omega Appliance, provides internal vulnerability scanning, log parsing and monitoring, which together satisfy some of the toughest PCI DSS requirements a merchant has to meet.
- The Omega Appliance is the front line of data security for retail stores.
- It is the least bandwidth-intensive way to scan.
- It does not bog down the network with scan traffic, so staff and customers can complete their transactions unimpeded.
- Re-scans are performed until all high-risk vulnerabilities are resolved, as Requirement 11.2.1.b calls for.
To get more information or schedule a test of the Omega Appliance, get in touch with Omega.
In summary:
- POS security alone does not satisfy PCI DSS compliance
- PCI DSS requires quarterly internal vulnerability scanning, with re-scans until high-risk vulnerabilities are resolved
- The Omega Appliance is the most effective solution in today’s market — small, powerful, and accurate.
[1] https://www.pcisecuritystandards.org/documents/SAQ_D_v3_Merchant.pdf