Payment Card Industry D.S.S.

The Payment Card Industry (PCI) and its related Data Security Standards (DSS) practice at Juventus Consulting are the result of the evolution and prevalence of Credit as the essential vehicle through which current and future commerce is conducted in an ever larger part of the digital economy, E-commerce. The convergence of 3 interrelated and still evolving phenomena: E-commerce as the future of retail and wholesale transactions, the pivotal economic role of digitized consumer data, especially Credit and Debit Cards and, the increasing sophistication of Credit Card fraud, has given rise to Information Security has become the vehicle of choice through which the new frontiers of commerce are protected when users are purchasing services or materials at retail or internet locations. It becomes a gold standard for user identification, authentication, and a measure of purchasing power that is the bedrock of a consumer based economy.

Realizing the potential losses that can and no doubt will be incurred by consumers and creditors alike with any breach of customer information compliancy is a must; this is currently on track to be mandated both in Canada and the United States in the next few years and has the potential to include other forms of identification in the future, such as SSN, SIN and Drivers Licence primarily. The PCI DSS was created jointly in 2004 by four major credit-card companies: Visa, MasterCard, Discover and American Express.

The intent was to create a universal standard, based on 6 interconnected protocols, to ensure the protection of that most valuable consumer data, Credit Card information. Based on the PCI Security Standards Council, the 6 levels of protections are: Build and Maintain a Secure Network, Protect Cardholder data, Maintain a Vulnerability Management Program, Implement Strong Access Control Measures, Regularly Monitor and Test Networks and Maintain and Information Security Policy.

The most influential GAP with primary merchants is the scope and long-term financial commitment this standard causes weighed against their ability to remain competitive. When a merchant takes this into consideration and the PCI Security Standard continually evolving and defining as new threats are always emerging, merchants are finding that achieving and managing ongoing compliance and steady state is becoming more costly, more time consuming, and more resource intensive than anticipated. As recent breaches have proven, even merchants that achieve compliance are finding that PCI compliance management does not equal security.

Juventus Consulting has created its PCI practice to address the “Art and Science” of initial and on-going compliance with PCI standards. At the heart of our practice is the knowledge that the successful combination of People, Process and Technology is the key to achieving and sustaining PCI compliance cost effectively. Our clients, be they vendors of PCI platforms, or Systems Integrators, or a combination of both, rely on our ability to Identify, Evaluate and Manage the work effort of PCI and PCI DSS Resources.

Our practice is designed to identify and manage the efforts of the highly scarce but in-demand resources that have the skills required for successful implementations and PCI Compliance. We have worked diligently not only to understand and become experts at the industry we work in, but also to work with and represent those talented individuals that possess the skills and the aptitude for a successful PCI solution delivery.

We realize that achieving PCI compliance is only half the battle; On-going maintenance of PCI compliance for service providers is finding the means of mitigating resource intensive tasks through the combination of well-defined controls and automation measures. The resources needed for each phase of the process need to be well understood and properly deployed.

The new frontiers of protection of the “Digital Consumer” are upon us, and Juventus Consulting will be at the heart of PCI solution delivery, through its relentless focus on the combination of People and Technology in the PCI compliance space.

Please contact us at PCI@Juventusconsulting.ca to find out how we can make your implementation and compliance with PCI standards effective.