PCI Compliance Consulting

Accepting electronic payment card data is required to successfully run your business today. Securing that card data is your responsibility, regardless of the number of transactions or the processing method.

You are liable for protecting your customers' data even if you only use a point of sale device.

What does PCI compliance mean to your business?

According to the Payment Card Industry (PCI) Security Standards Council, any business which accepts direct payment from a customer via any form of electronic payment card is required to be PCI compliant. The difficulty of obtaining compliance depends on the size of your business in terms of the number of payment card transactions per year.

What are the consequences of non-compliance?

While typically enforced by your Merchant Bank, the costs of non-compliance can be:

  • Monetary fines.
  • Mandatory upgrade to higher, and more expensive merchant levels.
  • Loss of payment card processing privileges.
 

Depending on the laws where you do business, you may be required to fund identity theft protection for your customers in the event your business suffers a data breach.

How can we help?

Our experts can help you design a plan for working with PCI in a manner which not only makes sense for the size of your business, but also satisfies the payment card brand’s requirements, while at the same time providing a high level of security for your organization.

PCI Services Offered

 
Self Assessment Questionnaire

If your business processes fewer than 6 million payment card transactions per year, then an annual self assessment questionnaire is required for compliance. Our experts can ensure this documentation is filled out properly and submitted on time to avoid missing critical compliance deadlines.

Quarterly Security Scanning

Regardless of business size, all merchants need a quarterly security scan of their network by a scanning tool from the PCI Approved Scanning Vendor (ASV) list. We utilize several tools from the ASV list, and can tailor our scanning process to meet the sensitivities of your particular business.

Gap Analysis

If payment card data means more to your business than a simple point of sale device, our consultants can perform a gap analysis of your organization to identify key areas which lead to non-compliance or additional cardholder risk.
Areas analyzed include: business processes, network infrastructure, and information security program.

Remediation Plan

Once an accurate picture of your organization's compliance status has been obtained, either through our own gap analysis or by using existing analysis results, our consultants will produce an easy-to-understand and comprehensive plan of action in order to gain PCI compliance.

Remediation Plan Implementation

If you do not have the resources to implement a remediation plan on your own, our experts can take the lead in the remediation process and follow through all the way to being officially recognized as compliant.

When designing and implementing the recommended mitigations, our consultants will draw on their vast expertise in information security, vulnerability management, and secure network operation.