Coalfire, the leading independent Qualified Security Assessor Company (QSAC), has 10 years of experience auditing Level 1 merchants and performing penetration tests. With Navis PCI Complete, Coalfire packages its tools and expertise into an online toolkit and support program that provides small and medium-sized merchants with the education, tools, recommendations and assistance they need to de-mystify the PCI DSS and protect their businesses.
“The PCI DSS is a solid set of standards and recommendations that, if implemented wisely, greatly increases credit card security and insulates owners from the fines, penalties and fraud losses that can wipe them out,” says Mark Lucas, Coalfire’s VP of Navis. “The problem, however, is that smaller merchants don’t have the time or training to really dig into the requirements and make judicious choices. They tend to ignore the risk and stop trying to get secure because they think it’s too expensive.”
Rick Dakin, Coalfire’s founder, CEO and a long-time advisor to regulators and trade associations, believes that Navis PCI Complete solves a long-standing industry problem: “Our approach is to equip, educate and stand with security conscious managers. Too many merchants have been tricked into believing they are compliant if they put a ‘check in the box’ on a survey or if they pay a compliance fee to their processing bank.”
Navis is Coalfire’s trademarked suite of Governance, Regulatory and Compliance (GRC) tools used by hundreds of clients in retail, financial services, state & local government, technology, healthcare and utilities. PCI Complete is specifically configured for merchants who process fewer than six million credit card transactions annually (PCI Merchant Level 2, 3 or 4) and are seeking to complete an annual test plan to validate PCI compliance.
The program includes:
• Assistance documenting card-processing technologies and networks (often known as the Cardholder Data Environment)
• Help with identifying compliance gaps, selecting controls and prioritizing
• External vulnerability scans (public IP addresses connected to the CDE)
• Internal vulnerability scans (IP addresses inside firewalls, but connected to the CDE)
• Tools to document, print and submit a SAQ to a merchant’
• $50,000 of data breach insurance for each registered Merchant ID.
Dakin sees Navis PCI Complete as the small-company version of Coalfire’s high-end services. “Data security is serious business, and we pride ourselves on our independence and the good, fair tests we administer on behalf of our clients. We’ve seen way too many small companies get breached. It’s time for them to get some high-quality support.”
Coalfire is a leading, independent IT Audit and Compliance firm that provides information technology (IT) audit, security assessment and IT compliance management solutions. The company has grown rapidly since being founded in 2001 and now completes more than 1,000 projects annually in retail, financial services, healthcare, government and utilities. Coalfire has developed a new generation of technology-enabled IT Compliance Management Tools under the Navis brand. These tools enable Coalfire to efficiently deliver governance, risk and compliance (GRC) services and keep pace with rapidly changing regulations and best practices. Coalfire’s solutions are adapted to requirements under emerging data privacy legislation, including the PCI Data Security Standard, Gramm-Leach-