If your company processes, stores or transmits credit information provided by Experian, you may be required to have your systems assessed to demonstrate the ability to protect Experian-provided data, both externally and internally, from unauthorized users.
EI3PA requires an evaluation of a Third Party’s information security program and controls by an independent assessor, based on requirements provided by Experian. EI3PA consists of security controls requirements adapted from PCI-DSS payment card security standards. Experian’s policy is that the same vendors who perform assessments for PCI compliance are qualified to perform assessments for EI3PA.
Credit reporting agencies such as Experian face significant risks if sensitive consumer information is not adequately protected by all parties. To address this, Experian created the EI3PA credit data security requirements.
Any entity that transmits, stores, processes, or provides consumer credit data from Experian is subject to EI3PA. It must comply with the requirements and attest to compliance through an assessment performed by a third-party Qualified Security Assessor (QSA).
EI3PA compliance is a competitive advantage for any business, increasing the business value and reputation of an organization by protecting consumer credit data and reducing the risks of a data breach, loss of customers, brand erosion, litigation and huge monetary losses. EI3PA compliance helps you demonstrate an ongoing commitment to protecting Experian-provided data by preventing consumer credit data security breaches.
Because RSI Security is a Qualified Security Assessor Company (QSAC) for PCI compliance, RSI Security is also qualified and authorized to perform formal EI3PAs. RSI Security’s extensive experience with PCI DSS qualifies us to help you with the following tasks common to EI3PA compliance:
Our qualified PCI DSS security advisors can help you identify significant gaps in operations, security processes, and controls, and advise on corrective actions to be taken prior to an EI3PA audit or compliance review. RSI Security will deliver a Roadmap to Compliance, our unique approach to remediation, to assist your organization in meeting required compliance objectives.
Our PCI QSA professionals provide comprehensive EI3PA assessments, which result in a documented Experian Security Assessment Report on Compliance (ESAR). The ESAR provides the independent validation of compliance required by Experian.
RSI Security is an Approved Scanning Vendor (ASV). Quarterly scanning by an approved ASV is required as a periodic test to ensure that new vulnerabilities have not been introduced as changes are made to your systems.
If you have a website that collects, stores or transmits credit information, PCI DSS requires you to perform application-layer penetration testing at least once per year and after any significant application upgrade or modification. RSI Security provides Web Application Security Testing.
PCI DSS requires network penetration testing at least once a year and after any significant infrastructure upgrade or modification. RSI Security provides penetration testing and vulnerability assessments.
If you have wireless access points in your payment card network, PCI DSS requires you to test for the presence of wireless access points by using a wireless analyzer at least once a quarter. RSI Security provides wireless security testing.
EI3PA requires an evaluation of a Third Party’s information security program and controls by an independent assessor, based on requirements provided by Experian. EI3PA is based on PCI DSS Card Data Security Standards, in order to protect Experian-provided consumer credit data. Experian requires third-party providers to demonstrate EI3PA compliance by way of a security assessment performed by a PCI DSS QSA.
EI3PA differs from PCI-DSS in that it assesses how a Third Party protects Experian-provided data rather than cardholder data. It also differs in that it is approved solely by Experian, not by the card issuer, issuing bank or the assessor.
EI3PA is an annual assessment and certification. It must be renewed within one year of the date of the current certification.
Additionally, the following are EI3PA unique requirements that must also be met:
Learn more by visiting the Experian website.