Network Detective

IT ASSESSMENTS & REPORTING

CLOUD ASSESSMENTS
Microsoft Cloud
IT ASSESSMENTS
Network Security Exchange SQL Server
COMPLIANCE ASSESSMENTS
HIPAA PCI
OVERVIEW

Cyber Hawk

INTERNAL THREAT DETECTION

Detect anomalous activity, suspicious network changes and threats caused by vulnerabilities and misconfigurations.

LEARN MORE

Compliance Manager

COMPLIANCE PROCESS AUTOMATION

Compliance-as-a-Service your customers can trust.

COMPLIANCE STANDARDS
OVERVIEW
VIEW ADDITIONAL RESOURCES

Looking for more information? Visit the Resources page for videos, eBooks, whitepapers and more!

Network Detective
PCI Compliance

The opportunity to build a new or expanded PCI Compliance practice is here. With the PCI module you can provide:

PCI ASSESSMENT SERVICES

Assess the Cardholder Data Environment and provide an ad hoc PCI assessment for a one-time charge.

PCI REMEDIATION SERVICES

Provide project based remediation services to address the security vulnerabilities.

PCI COMPLIANCE SERVICES

Offer full PCI managed services to produce mandatory reports and provide ongoing remediation.

How to Justify PCI Compliance Services to Your Clients and Prospects

In 2006, MasterCard, Visa, JCB, American Express, and Discover established the PCI Security Standards Council, a 3rd party entity, to manage the Payment Card Industry security standards and to promote the standard’s implementation by all its merchants that accept credit/debit cards, including businesses at retail locations, online, and through mail order.  The PCI Council requires its merchants to:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

PCI Compliance is a Continuous Process

To support your proposal, direct your client to the goals on the PCI Security Standard Council’s website. This official website will reinforce that PCI Compliance is a continuous process.

Banks Can Be Great Sources of Referrals for New Clients

There are usually two financial institutions involved with your client’s credit card business. The first is the Commercial Bank, where your clients and prospects do their regular banking and have their business bank accounts. The second is the Acquiring Bank, which is the financial institution that has an agreement with your clients and prospects to process and deposit payments made by credit and debit cards in the regular business bank.

 

It goes without saying that, at the end of the day, the financial institution carries the risk if there is a data breach and their clients are incapable of covering the loss and paying the fines. The banks would love it if all of their clients with merchant accounts had a professional IT services firm doing ongoing PCI compliance work.

 

Start with your own commercial bank. Explain the PCI services that you offer, and see if the bank is willing to refer you to their clients. Try proposing a partnership arrangement whereby you will do a free “preliminary assessment” for the bank’s merchant account clients, with the understanding that if issues are discovered that require remediation, the bank will compel their clients to use your remediation services.

Also, keep in mind that the major card issuers, Visa, MasterCard, JCB, American Express, and Discover Financial Services, require their own PCI Compliance reports so that means your clients likely have more than one Acquiring Bank to deal with.

Overcoming the Objection: “We Can Do It Ourselves”

Many merchants don’t fully understand the requirements and their responsibilities when it comes to maintaining PCI Security Compliance. When they find out, many businesses think they can do it themselves.

 

The PCI Security Standards Council does permit the merchants to do self-assessments, but without a tool like Network Detective, they would find it very difficult to collect all of the data and generate the required reports.

 

If you come across this objection, send them over to the PCI Security Standards Council official website to see the requirements. The more they read, the more they will realize that they need help.

 

Make sure your clients understand that even if they are able to do their own PCI assessment, once that has been completed, a signed Attestation of Compliance must be executed and sent to the Acquiring Bank along with a number of documents that include:

  • Remediation plans detailing how the Merchant plans to address unmet PCI Requirements and in what time-frame
  • Compensating controls worksheets
  • All Evidence of Compliance documentation either prepared by the Merchant or by the Security Assessor
  • The Network Detective PCI Compliance module generates all of these documents automatically and even includes a direct integration with an ASV solution that allows you to set up and run the mandated quarterly ASV external vulnerability scans.

Show your clients and prospects sample reports with your branding, and let these sell your services for you!

LET US SHOW YOU HOW IT WORKS!

All subscriptions include free training and help onboarding your first client. Not yet ready to buy? Request a demo and we’ll show you how it works.