Tag: mpsb

MPSB is re-certified as PCI v3.0!


Congratulations to ManagePay Services Sdn Bhd for re-certifying under PCI v3.0. They are the first among our clients to achieve v3.0!

PCI v3.0 maintains the 12 main requirements from PCI v2. PCI DSS v3.0 is effective January 1st 2014, but organisations are given the choice to comply with either v2 or v3 in 2014. All certifications in 2015 (MPSB included) are certified under v3.0. Under v3.0, however, major changes include:

a) Testing of segmentation adequacy through penetration testing

This determines whether segmentation has been done properly. We have seen many implementations where ‘segmentation’ was supposedly in place, but we found that routes between networks allowed unfiltered access between zones. This testing confirms whether the cardholder data environment (CDE) is properly isolated from non-scoped access.

b) Validation of 3rd party providers

PCI-DSS compliance must be validated if cardholder data is being shared with 3rd party providers. This is done either through their own Attestation of Compliance (AOC), as with AWS, or through an agreement to participate in the customer’s PCI program.

c) Business as Usual

By far, this is the most challenging to us. Most organisations undergoing PCI-DSS struggle in the second and third year re-certification, as they need to demonstrate compliance in everyday activities and not just during the audit period.

d) Protection of POS

Most of the issues of recent times, like Target, are due to POS malware exploitation. v3.0 requires companies to maintain an inventory, protect POS devices from being tampered with, and conduct periodic training.
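For the segmentation point in item (a), a rule-set review is a useful step before the penetration test itself. The following is an added example, not part of the original post: it flags unapproved or unfiltered rules into the CDE and lists every zone with a direct or multi-hop path to it. The zone names, rules and approved flow are constructed sample data.

```python
from collections import deque

# Constructed sample data: inter-zone allow rules as (source, destination, port).
# Zone names are hypothetical; "any" means the route is unfiltered.
RULES = [
    ("office", "dmz", "443"),
    ("office", "mgmt", "any"),
    ("mgmt", "cde", "22"),
    ("dmz", "cde", "any"),
    ("guest", "office", "any"),
]
CDE = "cde"
# Assumption: the only flow into the CDE that the design documents as required.
APPROVED = {("mgmt", "cde", "22")}


def direct_findings(rules, cde, approved):
    """Return (source, port, kind) for each rule into the CDE that is not approved."""
    findings = []
    for src, dst, port in rules:
        if dst == cde and (src, dst, port) not in approved:
            kind = "unfiltered" if port == "any" else "unapproved"
            findings.append((src, port, kind))
    return findings


def zones_reaching(rules, cde):
    """Return every zone with an allowed path to the CDE, direct or multi-hop.

    Conservative on purpose: a hop counts whatever its port, so the result is
    the list of zones a segmentation test has to probe from, not proof of access.
    """
    reverse = {}
    for src, dst, _port in rules:
        reverse.setdefault(dst, set()).add(src)
    seen, queue = set(), deque([cde])
    while queue:
        zone = queue.popleft()
        for src in reverse.get(zone, ()):
            if src != cde and src not in seen:
                seen.add(src)
                queue.append(src)
    return seen


if __name__ == "__main__":
    for src, port, kind in direct_findings(RULES, CDE, APPROVED):
        print(f"{kind}: {src} -> {CDE} port {port}")
    print("zones to test from:", sorted(zones_reaching(RULES, CDE)))
```

In the sample, the "guest" zone has no rule into the CDE yet still appears in the reachability set through "office" and "mgmt", which is the kind of path a review of direct rules alone would miss.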

Of course, v3.0 covers a lot more than these. For a more detailed look at PCIv3.1 and how it affects your organisation, you can contact avantedge@pkfmalaysia.com. Or you can join our monthly PCI training, which is HRDF claimable. The latest schedule is at http://www.pkfavantedge.com/training-programs/.

MPSB is PCI-DSS Certified!

What started out as a simple enquiry in 2012 turned into a full-fledged PCI-DSS Level 1 project for Manage Pay Services Berhad (MPSB), one of our success stories in PCI-DSS compliance. MPSB was one of our first clients, and while the follow-ups and clarifications took some time, we once again demonstrated the value of client relationship and customer closeness that sets our service apart. With PKF, and working with the QSA vendor Control Case, we are just a call, just a drive away. With additional value-added services like update talks, training, technical services and consultancy, we definitely gave MPSB more than they bargained for. It was precisely this working relationship between MPSB, our local team of PCI consultants and the QSAs from India that made this project a resounding success. It was indeed with great pride that in 2014, less than a year from our gap assessment, we can say: it was a great journey, and now it continues on through maintenance and yearly review.

PCI-DSS can be an extremely arduous project, as it touches major parts of the business and oftentimes takes more than 5 – 6 months. Due to this, we have specialised Project Management Professionals (PMP) doing PCI-based projects for banks and large enterprises. For more details, drop us an email at avantedge@pkfmalaysia.com. We will contact you immediately and set you up on your compliance journey.

© 2024 PKF AvantEdge
