PCI Compliance

The Payment Card Industry (PCI) Data Security Standard (DSS) provides a baseline of technical and operational requirements designed to protect cardholder data. PCI DSS applies to all entities involved in payment card processing, including merchants, processors, acquirers, issuers, and service providers, as well as any other entity that stores, processes, or transmits cardholder data.

Although the PCI Security Standards Council defines and updates the standard, the card brands are the driving force that mandates compliance. Card brands such as Visa currently set specific deadlines by which merchants, acquirers and service providers must demonstrate compliance, either through a Self-Assessment Questionnaire (SAQ) or through an onsite audit conducted by a Qualified Security Assessor (QSA) company, depending on transaction volume.

PCI DSS Services Offered:

  • Card Data Discovery: Automated and manual techniques are used to locate cardholder data wherever it is stored, processed or transmitted.
  • PCI De-Scoping Strategies: After careful review, our experts recommend strategies to reduce the scope of the cardholder data environment.
  • PCI DSS Gap Analysis: A detailed gap analysis report is produced after careful review of the cardholder data environment.
  • Documentation & Training: We provide custom documentation, training and awareness program development services.
  • Remediation & Compliance: Point-by-point actionable recommendations are provided to achieve full compliance.
  • Other Services: Facilitating the final audit, ASV scanning, vulnerability scanning and penetration testing.
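As an added illustration of the automated side of card data discovery (example code written for this page, not mile2's tooling), the script below scans text for primary account numbers (PANs): it pulls out digit runs of plausible length, confirms each with the Luhn check digit so that timestamps, order numbers and phone numbers are dropped, labels the issuer from a short list of brand prefixes, and reports only masked values so the scan output does not itself become stored cardholder data. The brand prefix table is abbreviated and the log excerpt is constructed for the example.

```python
"""Toy cardholder-data (PAN) discovery scanner.

Added example, not mile2's tooling. Finds digit runs that look like PANs,
confirms them with the Luhn check, and reports only masked values.
"""
import re
from typing import Dict, List

# A maximal run of digits that may be separated by single spaces or hyphens,
# e.g. "4111 1111 1111 1111" or "4111-1111-1111-1111".
DIGIT_RUN = re.compile(r"\d(?:[ -]?\d)+")

# Issuer prefixes and lengths for the major brands. Deliberately short;
# a production scanner would use a maintained BIN table (assumption for the example).
BRAND_PATTERNS: Dict[str, "re.Pattern[str]"] = {
    "visa": re.compile(r"^4\d{12}(?:\d{3})?$"),                     # 13 or 16 digits
    "mastercard": re.compile(
        r"^(?:5[1-5]\d{14}|2(?:22[1-9]|2[3-9]\d|[3-6]\d{2}|7[01]\d|720)\d{12})$"
    ),                                                              # 51-55 or 2221-2720
    "amex": re.compile(r"^3[47]\d{13}$"),                            # 15 digits
    "discover": re.compile(r"^(?:6011\d{12}|65\d{14})$"),            # 16 digits
}


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check: double every second digit from the right, sum the digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def identify_brand(digits: str) -> str:
    """Return the brand whose prefix/length rule matches, or 'unknown'."""
    for brand, pattern in BRAND_PATTERNS.items():
        if pattern.match(digits):
            return brand
    return "unknown"


def mask_pan(digits: str) -> str:
    """Mask as PCI DSS allows for display: at most the first six and last four digits."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> List[Dict[str, object]]:
    """Return masked, Luhn-valid PAN candidates found in text, one dict per hit.

    Known blind spot: a PAN glued to other digits with no separator forms a
    longer run and is skipped; real scanners need context rules for that case.
    """
    hits: List[Dict[str, object]] = []
    for m in DIGIT_RUN.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not 13 <= len(digits) <= 19:
            continue  # too short or too long to be a PAN
        if not luhn_valid(digits):
            continue  # order IDs, timestamps, phone numbers that merely look like a PAN
        hits.append({
            "masked": mask_pan(digits),      # never store or print the full PAN
            "brand": identify_brand(digits),
            "offset": m.start(),
        })
    return hits


# Constructed sample: a log with a test PAN leaked in plain text, a formatted PAN
# in a support note, and look-alike numbers (order ID, phone) that are not PANs.
SAMPLE_LOG = """\
2023-05-01 10:15:22 INFO order=1234567890123456 status=paid
2023-05-01 10:15:23 DEBUG gateway request pan=4111111111111111 amt=19.99
support note: customer read card 5555 5555 5555 4444 over the phone
phone=+1 212-555-0199 invoice=INV-378282246310005
"""

if __name__ == "__main__":
    for hit in find_pans(SAMPLE_LOG):
        print(f"offset={hit['offset']:>4} brand={hit['brand']:<10} pan={hit['masked']}")
```

The order number on the first line is 16 digits long but fails the Luhn check, so it is not reported; the three brand test numbers are. Run against real file shares or database exports, the scanner should write only the masked value and the location, since a discovery report containing full PANs is itself in scope for PCI DSS.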


PCI DSS for Web Application penetration testing:

For web application penetration testing, mile2 follows OWASP (Open Web Application Security Project) guidance. OWASP provides a framework of recommendations that can be used as a benchmark to identify vulnerabilities and risks in web applications.

Mile2 helps merchants manage data security risks, evaluate the security of the systems that store payment account data, and achieve compliance with the PCI Data Security Standard (DSS) using state-of-the-art security tools and processes.

PCI requires organizations to monitor and test networks to find and fix vulnerabilities on a regular basis.  mile2 can help merchants meet and exceed the following PCI requirements:

11.2 Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, or product upgrades). The quarterly external scans must be performed by an Approved Scanning Vendor (ASV).

11.3 Perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade or modification (such as an operating system upgrade or a new sub-network or web server added to the environment), including both network-layer and application-layer penetration tests.

6.6 For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by either of the following methods: reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods, at least annually and after any changes; or installing an automated technical solution that detects and prevents web-based attacks (for example, a web application firewall) in front of public-facing web applications.

At the conclusion of the testing process, clients receive a mile2 Security Assessment Report (SAR) containing the detailed findings and recommendations they need to make the changes required for compliance.

Mile2 is licensed and insured with Darwin, an Allied World Assurance company, and works in conjunction with GRC360, a PCI QSA*. mile2 uses ASV tool #4268-01-03.

mile2: A Worldwide Name in IT Security! mile2 provides services such as penetration testing, ethical hacker training, digital forensics, and mile2's upgrade to Certified Ethical Hacker certification, known as CPTEngineer and CPEH. mile2 designs, develops, and delivers information security training and consulting services that meet military, government, private sector and institutional specifications. mile2 also provides security vulnerability scans and assessments to clients around the world.