Our PCI DSS compliance service helps your business meet the PCI DSS requirements and validate its compliance accurately. The PCI DSS (Payment Card Industry Data Security Standard) is a set of comprehensive requirements for protecting payment account data. It is used globally and is maintained by the PCI Security Standards Council (PCI SSC), which was founded by the major card brands (American Express, Discover, JCB, Mastercard and Visa) to drive the broad adoption of consistent data security measures and so prevent fraud and theft of payment card data.
PCI DSS consists of a large number of technical and organisational security measures, all aimed at protecting card data wherever it is stored, processed or transmitted. If your business accepts, stores, processes or transmits card data, or outsources these functions, validation of PCI DSS compliance is required by the card brands and, in turn, by your acquiring bank.
PCI DSS applies directly to specific kinds of entity: those with environments where cardholder data is stored, processed or transmitted, and those with environments that can impact the security of the cardholder data environment (CDE), for example systems that are connected to the CDE or that provide security services to it.
It is also essential to understand that PCI DSS requirements apply to some entities beyond those that themselves store, process or transmit account data. For example, an organisation that fully outsources its payment operations to a third-party service provider remains responsible for ensuring that its account data is protected, and must still meet the requirements that cover the management of those service providers: keeping a list of them, agreeing in writing which party is responsible for which requirements, and confirming their PCI DSS compliance status at least annually.
The twelve core requirements of PCI DSS did not change with version 4.0 of the standard; they remain the framework's pillars and still apply to every organisation complying with PCI DSS. What v4.0 changes is the emphasis and the route to compliance. The standard now treats security as a continuous process rather than a point-in-time exercise, and it introduces a new option for meeting requirements: the customized approach. Organisations can now choose, requirement by requirement, between the defined approach (implementing the control as written and being tested against the defined testing procedures) and the customized approach (meeting the stated objective of the requirement with a different control, supported by a documented targeted risk analysis, with the assessor deriving testing procedures for that control). The customized approach is only available to entities assessed with a Report on Compliance; it cannot be used when validating with a Self-Assessment Questionnaire.
Beyond being mandatory, there are some very good reasons for being PCI DSS compliant:
MAINTAIN TRUST AND REPUTATION
PCI DSS is one of the most rigorous and widely recognised information security standards. Validating compliance demonstrates to customers and partners that your organisation safeguards their card data, and so protects its reputation and their trust.
A LEVEL PLAYING FIELD
The PCI SSC seeks to create a level playing field among merchants and service providers: the same security baseline applies to all of them. Be part of the growing group of entities that ensures cardholder data security.
AVOID FINES AND PENALTIES
If your organisation is breached, having been compliant at the time may reduce your exposure to the hefty fines, increased fees and tighter requirements that the card brands and your acquirer can impose.
SUPPORT FOR DATA PROTECTION LEGISLATION
Legislation such as the General Data Protection Regulation (GDPR) requires accountability for personal data, and cardholder data is personal data. PCI DSS compliance does not by itself make you GDPR compliant, but it is a recognised way of demonstrating appropriate technical and organisational measures for that part of the data you hold.
CONTINUOUS IMPROVEMENT
The PCI DSS puts a framework in place that requires regular review and encourages process improvement; v4.0 in particular treats compliance as an ongoing process rather than an annual event.
SAFEGUARD SENSITIVE DATA
Cyber criminals target companies that hold high-value data, and card data is among the most readily monetised data there is. Prepare your company against these attacks.
Our PCI DSS compliance service is a detailed look at your organisation from the Payment Card Industry perspective.
Our PCI DSS assessment is a cycle of four distinct phases that lead to PCI DSS compliance. The four phases are:
SCOPING
During this phase the scope and reach of the project are determined. Together with all stakeholders we review PCI DSS and the steps needed to become compliant, and we identify every system component that stores, processes or transmits account data, is connected to such systems, or can affect their security; components can only be placed out of scope if they are properly segmented from the CDE. An inventory is made of documents such as your policies and procedures, application information, installation manuals, test reports and source-code reviews. The scoping phase is executed using a scoping toolkit, which provides an objective framework for setting the scope. Note that PCI DSS itself requires the scope to be documented and confirmed at least once every twelve months and after significant changes.
GAP ANALYSIS / PRE-AUDIT
During this phase we identify the areas where you are likely to fall short of PCI DSS and create a roadmap to compliance. We will request relevant documentation of your systems, technical details of your network configuration (including the current network and account-data-flow diagrams, which PCI DSS requires you to maintain) and the documents that describe your business processes.
REMEDIATION
In the remediation phase, all remedial actions are defined, penetration testing is performed and evidence of compliance readiness is collected. We provide a detailed report that states your compliance status and any remediation needs. Together we fix the areas of non-compliance and retest them; exploitable vulnerabilities found during penetration testing are corrected and retested until they are resolved, as the standard requires.
ONSITE AUDIT
The onsite PCI DSS audit is where we meet your team and sample systems in order to gather the evidence needed to demonstrate compliance. The evidence and the completed Self-Assessment Questionnaire (SAQ) are checked. If a Report on Compliance (RoC) is required instead of an SAQ, the full assessment is performed. At the end of this phase the Attestation of Compliance (AOC) is completed; this is the document you submit to your acquirer or the card brands as proof of validation.