“The protection of customer information is one of the most important – if not the most important – issue confronting today’s businesses. As we demonstrated in our Report on Compliance, CAPITAL has taken the necessary precautions to protect the cardholder data we manage on behalf of our clients, and to comply with the data security requirements outlined in the PCI Data Security Standard,” said Jeff Aegerter, President and CEO of CAPITAL Card Services, Inc.
Launched in December 2004, the Payment Card Industry Data Security Standard – known as PCI – is comprised of 12 data security requirements designed to protect sensitive information from being compromised. These requirements, which also include numerous sub-requirements, are applicable to all businesses that store, process, or transmit cardholder information.
To meet stringent security requirements of credit card associations, CAPITAL submitted to a rigorous audit of its information security policies, procedures, and IT environment, which included the following components:
• Penetration Testing or “ethical hacking” of their IT environment
• Security Assessment to determine the effectiveness of current security controls
• Remediation to ensure any areas of potential non-compliance were addressed
• Report on Compliance to benchmark CAPITAL with the PCI standard
AmbironTrustWave, a Chicago-based firm that specializes in data security and compliance services and a Qualified Data Security Company (QDSC) for all the card associations, conducted a comprehensive PCI security review for CAPITAL. In addition, AmbironTrustWave will perform regular audits on CAPITAL’s IT systems to maintain its compliance on a regular basis.
“We are pleased to be working with a market leader such as CAPITAL to further secure the transaction supply chain,” said Robert J. McCullen, CEO of AmbironTrustWave. “With its leadership position in the market, CAPITAL sets the standard for other payment industry service providers to validate compliance with PCI.”