PCI-DSS compliance for telcos

Talal Wazani, manager of Strategic Security Consulting at Help AG, looks at why telcos need to obtain compliance certification.


CommsMEA: Why should telecoms network operators have PCI-DSS compliance?

PCI DSS compliance is required of all organisations that store, process or transmit cardholder data in any form. With the increase in cyber-breaches and the compliance deadline for GDPR looming around the corner, it’s advised for operators to consider PCI-DSS compliance. That ensures their payment systems are protected against breaches and theft of cardholder data. Moreover, they will also benefit from increased customer confidence and trust.

CommsMEA: How does PCI-DSS ensure compliance, and how often does the certification need to be updated?

PCI DSS follows common-sense steps that mirror security best practices. PCI DSS requires entities to perform internal and external quarterly vulnerability scans, identify and address vulnerabilities in a timely manner, and verify through rescans that vulnerabilities have been addressed. The compliance assessment is validated annually, and quarterly scanning of the card data environment may be required.

CommsMEA: What should a telecoms operator do to ensure compliance?

It’s necessary to realise that compliance is not a one-time event. Companies need to continuously monitor and enforce the use of controls specified in the PCI Data Security Standard. It’s essential for organisations to integrate PCI DSS compliance with their overall IT governance, risk and compliance programmes.

PCI compliance standards require companies to complete an annual Self-Assessment Questionnaire (SAQ) to validate PCI DSS compliance. Hence, staff training is required to ensure data center and call centre staff understand the requirements of the PCI standard.

Depending on risk levels, organisations need to constantly monitor the system components in scope for PCI DSS compliance, report when necessary and take proper steps to remediate. Help AG provides services and solutions to help organisations that store, process and transmit cardholder data to comply with PCI-DSS requirements.

Our professional and qualified team of consultants and analysts ensure that your governance, risk and compliance requirements are met.

The Payment Card Industry Data Security Standard (PCI DSS) is a framework designed to ensure that all companies that process, transmit or store credit card data do so in a secure and regulated manner. The standard was launched in September 2006 with the aim of outlining a set of security standards for the evolving Payment Card Industry (PCI). The standard defines four compliance levels depending on criteria such as the number of transactions executed per year and audits by external parties.
