PCI Security Services

Snapshot Design is excited to announce it is now recognized as a Qualified Integrator and Reseller (QIR) Company through the Payment Card Industry Security Standards Council (PCI-SSC). QIR Companies go through a qualification process by PCI-SSC and enlist employees to complete the QIR Employee training. QIR companies can perform Qualified Installations on applications that are considered Payment Application Data Security Standards (PA-DSS) compliant.

While JDA Direct Commerce products adhere to PA-DSS, a QIR’s role is to further ensure the PA-DSS application is implemented, configured and maintained in a compliant and secure manner. The overall effort of Snapshot Design, combined with its QIR Company and Employee recognition, is to provide a higher standard of service, ensure our customers maintain a high level of awareness within their secure cardholder environment, and continually support their goals of achieving PCI-DSS compliance.

What does this mean for your company?
Now you can turn to us for any of the services listed below, and alleviate your PCI-DSS headaches.

  • PCI-DSS Annual Self-Assessment Questionnaire Assistance
    Take some of the pressure off, and receive guidance getting through your annual Self-Assessment process.
  • PCI-DSS Policy and Procedure Definition including Network Diagrams/Documentation
    We provide a PCI-DSS Policy and Procedures template that can be filled in with your processes as they directly correlate to the latest PCI-DSS Requirements.
  • PCI-DSS Awareness Training
    This training session is a high-level fly-by to get you thinking about PCI compliance and to increase your awareness of it.
  • PCI-DSS Direct Commerce Health Check
    Do you already run a PCI-DSS enabled version of the Direct Commerce suite of applications? Run through all of the system touchpoints that relate directly to your PCI-DSS compliance to ensure you have the PCI mindset.

    • Annual Encryption Key Rotations – Not sure of the process for rotating your Direct Commerce encryption keys? Get the help you need to address the PCI key replacement requirements.
    • Data Purging/Retention – Develop and implement a data retention policy and processes that minimize cardholder data storage and duration as required for business, legal, and/or regulatory purposes.
    • Audit/Centralized Logging – PCI-DSS standards require an audit log that tracks all user activity when card account information is viewed or maintained through user interface screens. Get help setting up the Centralized Logging functionality to address PCI-DSS standard 10.5.3.

  • PCI-DSS Direct Commerce Introduction
    New, migrating, or upgrading clients that are heading towards the latest Direct Commerce versions will want to learn about and leverage all of the PCI-DSS enabled functionality.
  • PCI-DSS Encryption Key Updates
    Not sure of the process for rotating your Direct Commerce encryption keys? Get the help you need to address the PCI key replacement requirements and update your Batch RSA Key Pair and AES 256 Keys (or Blowfish 192 Keys on versions prior to 2013).