PCI-DSS Solution

What is PCI-DSS?
The Payment Card Industry (PCI) Data Security Standard, or PCI-DSS, is a security standard jointly launched by Visa, American Express Company, Discover Financial Services, JCB and MasterCard International to protect cardholder data and transaction security. It covers the storage of credit card information, the processing of payment data, the transaction process, and related activities.
All institutions associated with payment cards (credit cards, debit cards, etc.), including merchants, service providers, acquirers and card issuers, must meet the requirements of this standard. It is currently the world's most stringent and highest-level security certification standard for financial institutions.

PCI-DSS Compliance Requirements
PCI Data Security Standard-High Level Overview

Build and Maintain a Secure Network and Systems
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
  5. Protect all systems against malware and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
  7. Restrict access to cardholder data by business need to know
  8. Identify and authenticate access to system components
  9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Maintain an Information Security Policy
  12. Maintain a policy that addresses information security for all personnel

PCI-DSS Compliance Service Solutions

1. System Setup Solution

TaiPay provides compliant hardware and software, along with a compliant operating room, and carries out the overall system construction to meet customers' demands. The hardware and software requirements of the solution are as follows.

A. Hardware setup

  • DMZ / internal / monitoring zones
  • Servers / firewalls / switches / routers / VLANs / token vault
  • Virtual machines and virtualization software
  • Server role planning: web, application, database, authentication, mail, proxy, Network Time Protocol (NTP), and Domain Name System (DNS)

B. Software setup

  • TaiPay tokenization API
  • Firewalls
  • IDS/IPS
  • FIM
  • Anti-virus
  • Physical access controls
  • Logical access controls
  • Audit logging mechanisms

C. Compliant data center environment: Chunghwa IDC, Rated 4

D. Compliance audit: together with our partner, we assist customers through the audit process.

2. Escrow solution

For customers who do not want to spend on infrastructure construction, TaiPay also offers a hosted option: they can simply use the compliant hardware and software facilities provided by TaiPay. The services are as follows.

  • TaiPay tokenization API connection
  • Rental of TaiPay's original compliant software and hardware