CTG PCI services

More rigorous compliance standards and requirements from the PCI Security Standards Council (PCI SSC), together with the growing number of service providers subject to PCI compliance, make payment card security a priority. Our extensive PCI experience qualifies CTG to perform pre-compliance and gap assessments and to carry out significant enterprise remediation activities that help organizations achieve compliance. In fact, CTG has been involved with payment card security since the inception of the Cardholder Information Security Program (CISP), the predecessor of PCI. As an Approved Scanning Vendor (ASV) certified by the PCI Security Standards Council, CTG performs the quarterly network scans required of merchants and service providers at every level.

Our PCI-related services include:

  • PCI Preparation and Assessment Support
    • Readiness Survey: Perform a PCI DSS (PCI Data Security Standard) gap analysis focusing on payment processing architecture, data storage, access control, and policy
    • Compliance Planning: Develop the project plan, templates, and strategy for a formal PCI compliance program
    • Remediation: Address PCI compliance gaps by developing policies and procedures, creating technical and verification documentation, improving system and application security, and building security infrastructure
    • PCI SAQ Preparation: Support completion of the Self-Assessment Questionnaire (SAQ) and provide guidance on the intent and scope of each PCI DSS requirement
    • Sensitive Data Identification: Search servers, PCs, and storage for credit card and other regulated data
  • PCI Compliance Measurement
    • Quarterly Scans: Identify network vulnerabilities on Internet-facing servers and devices
    • Wireless Scans: Search for "rogue" wireless networks, "evil twin" access points, and misconfigured networks
    • Internal Network Scans: Scan internal servers, PCs, and devices within the cardholder data environment to ensure internal systems are not vulnerable to attack
    • Web Application Security Testing: Test for cross-site scripting, SQL injection, and other vulnerabilities in e-commerce web applications using specialized software and "manual" tests
    • Penetration Testing: Simulate hacker attacks against Internet-facing and internal systems to identify exposures to intrusion and data theft