PCI Compliance

Regulatory issues and security concerns are more important than ever. Nothing is more important than protecting your data and your customers’ data. Partnering with Lume to achieve PCI compliance will reduce compliance costs and increase security. Our compliance team is here to help you navigate the process of obtaining your own Report on Compliance (ROC) by providing guidance, reports and statements, and by answering any questions you may have.


We Can Help

Protecting What Matters – Your Customers’ Data
The Payment Card Industry Data Security Standard has identified 12 requirements to help protect your customers’ data. Lume will work with you to identify and resolve any PCI compliance gaps you may have and outline a plan for meeting these requirements.


PCI DSS Requirements | How Lume Can Help | What You Need To Do

For each of the 12 requirements, the services Lume provides and the steps you need to take are listed below.

1. Install and maintain a firewall configuration to protect cardholder data
  • Ensure segmentation of the cardholder data environment
  • Review firewall rules semi-annually
  • Create a demilitarized zone (DMZ)

2. Don’t use vendor-supplied defaults for system passwords and other security parameters
  • Internal vulnerability scanning
  • Scan for vendor-supplied passwords

3. Protect cardholder data (How Lume Can Help: N/A)
  • Encrypt cardholder data
  • Encrypt databases
  • Secure disposal of media

4. Encrypt transmission of cardholder data across open, public networks
  • VPN service
  • Managed network firewall
  • SSL certificates
  • Encrypt transmission of cardholder data across open, public networks

5. Use and regularly update anti-virus software
  • Ensure anti-virus is deployed and continuously patched

6. Develop and maintain secure systems and applications
  • Internal and external PCI vulnerability scanning
  • Web application firewall
  • Patch management
  • Secure access to applications and cardholder data

7. Restrict access to cardholder data on a need-to-know basis
  • Security Operations Center workflow change request process
  • Secure application and encryption

8. Assign a unique ID to each person with computer access
  • Multi-factor authentication
  • VPN service
  • Security Operations Center workflow change request process
  • Conduct multi-factor authentication

9. Restrict physical access to cardholder data
  • Protect cardholder data

10. Track and monitor all access to network resources and cardholder data
  • Log management
  • Protect cardholder data

11. Regularly test security systems and processes
  • Internal and external vulnerability scanning
  • Intrusion detection and prevention system
  • Conduct internal and external penetration testing
  • Provide wireless intrusion detection and prevention

12. Maintain a policy that addresses information security for all personnel
  • Conduct internal and external penetration testing

Don't Go It Alone.

Understanding what it takes to maintain compliance can be difficult. Let us help.