In order to identify all settings and security status, we will perform evaluation on clients’ network basic infrastructure and other designs, the purpose is to ensure the safety structures and designs are compliant with PCI DSS. This is not only the requirements of Visa and MasterCard, but also the requirements of acquiring bank.

        In this stage, we’d provide you with a comprehensive remediation report, to ensure the system is compliant with PCI DSS rules, which include network frame, safety conditions, and other incident recovery policy etc., and finalize one network diagram and report, to provide support for raising the safety of the whole network payment.

        In the preliminary testing stage, we will physically examine the network frame, and interview the information technicians about the same. We will also conduct important network resources auditing. The examination is usually conducted as such, but can be customized according to the specific requirements of the clients. This examination will take one day, after the onsite examination, we will provide remote support for technical consultations and provide report on how to raise the security of the whole network. As part of the examination, we will assist the clients to test their current network structure. The security measures include, but not limited to the following parts:

• Monitoring internal and external routers of the system

• Encrypted transmission of external agency and internal system network connection in public network

• Safety of Virtual Private Network

• Remote management (firewall, router as best practice examples)

• Data access monitor, intrusion detection, discover/prevention of product testing

• Login of Network access products and virus scanning

• Audit trace archive

• Incident reaction and report

Discover In Advance

Personnel from client’s company information technology department will be required to provide related network type, quantity of internal nodes, internet and remote access functions, network diagram, one copy of current computer or network security policy flow and other related information. These information will enable our technical consulting team to be familiar with client’s current network security status before onsite testing.

Startup Meeting

The Startup Meeting is usually very brief, the expected objective is to explain the testing purpose and discuss any documentation related issues. During the startup meeting, all related personnel included, will discuss about the actual system audit schedule and network scan time. Meeting can be conducted via teleconference or as onsite meeting.

Devices Testing

Security Consulting Team will receive a simple and clear flow report of current infrastructures, which include the place where the payment gateway store, computer room, communication facilities, physical safety measures and system, and other operational information that is important for the testing.

Design Evaluation

During the teleconference and facilities checking period, safety consulting team will investigate and confirm the scope area, and at the same time examine the necessary infrastructures within the examination scope of this project.

Technical Consulting Support

After providing remediation suggestions, we will continue to provide you with technical consulting supports, in order to increase the security level of the whole payment gateway. We will also provide teleconference, the time that provided for such teleconference each month within one year will be limited to be within two hours. During the GAP process, the personnel of the service provider will need to conduct actual audit for the infrastructures, and at the same time will interview the major IT personnel. Finally, the service provider has to provide a report as guidance for system remediation on GAPs found during previous checking.