What is the PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) was designed to protect businesses and their customers against payment card theft and fraud. If your business accepts, stores, or transmits card data, or outsources these functions, PCI DSS compliance validation is required by the card brands and, in turn, by your acquiring bank.
Why become PCI DSS compliant?
Beyond being a mandatory requirement, there are some very good reasons for being PCI compliant. These are:
- Peace of mind – That your information systems are protected from cyber criminals, internal threats and malware.
- Protection of your company’s reputation – By avoiding the high volume of negative publicity associated with a card data breach.
- Consumer Trust – PCI DSS compliance demonstrates a real business commitment to the protection of personal information, not just credit cards.
- Avoid the huge financial penalties associated with a data breach – You can be fined by legislative bodies such as the Information Commissioner’s Office (up to £500k*), and the card schemes will also levy fines. Cumulatively, these fines can run into hundreds of thousands of pounds.
- Helps you to comply with other new legislation – Such as the European Union Data Protection Directive** which now regulates the processing of personal data in the EU.
- Constant improvement – The PCI DSS puts a framework in place that encourages regular review and process improvement.
Make PCI DSS compliance a simple, efficient and thorough process. Work with 2-sec and you will benefit from:
- Industry leading Qualified Security Assessors – Our team of highly experienced information security professionals has been working with PCI DSS since it was introduced as version 1.0 in 2004.
- Working with a PCI specialist – We cover the entire range of payment card compliance services, including PA-DSS, P2PE, Penetration Testing, PCI DSS Training and Application Security.
- Access to a dedicated Customer Success Manager – We know that you’ll have a lot of questions throughout this process, so you’ll have direct phone and email contact with your own go-to person.
- Clear communication – Our mission is to ‘simplify security’, so all our communication is clear and jargon-free.
- Easy to understand reporting – We will provide you with a detailed breakdown of all your results in an easily interpretable format.
- Transparent proposals – With inclusive pricing, so you get no surprises.
- Working together to meet your deadlines – Our project management skills and tools will ensure we take the shortest path possible to an accurate and complete PCI DSS audit.
- Customer satisfaction and high retention rates – Many of our PCI clients have been with us since day one.
- Thought Leadership – As globally renowned PCI DSS experts we continue to innovate, and have led forums such as the PCI SSC’s Third Party Security Assurance SIG and contributed to PCI DSS v3.0.
How we work
Our comprehensive PCI DSS assessment follows a 6-step process:
1. The first step consists of an initial scope review and gap analysis. Once possible problem areas have been identified, we provide a detailed checklist of issues that must be addressed before the Onsite Assessment can take place.
2. The formal onsite PCI DSS Assessment, which produces the Report on Compliance (RoC), is where we meet your team and sample systems in order to gather accurate information to satisfy PCI DSS compliance.
3. Post-Onsite Summary Report – This report provides an overview of your compliance status and any remediation needs.
4. We will work with you to fix areas of non-compliance and expedite the retesting process to ensure timely completion.
5. Final PCI DSS Report and Submission – The final RoC report outlines compliance with PCI requirements and, after client review, we will submit your compliance status to the relevant stakeholders.
6. PCI DSS comprises a number of time-sensitive controls and must be maintained on a daily basis. We help you stay on top of PCI DSS throughout the year, so you sail through your next annual PCI DSS Assessment.