Organisations that store, process, or transmit cardholder data must achieve and maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS). Developed and maintained by the major card brands (Visa, Mastercard, JCB, Discover, American Express and Union Pay), PCI DSS provides merchants and service providers with a common baseline of controls to secure card payments.

The specific controls required can vary significantly depending on how your organisation handles cardholder data. When implemented correctly, PCI DSS helps organisations reduce the risk of cybersecurity breaches.

Benefits of complying with the PCI DSS standard

Through maintaining PCI DSS compliance you can:

• Meet contractual requirements with customers, acquirers, or payment brands.
• Provide detailed control definitions to secure your assets and reduce data breach risks.
• Protect customer cardholder details, thereby increasing customer trust.
• Avoid or reduce potential fines following a data breach.

Our service and approach

Secora Consulting has significant experience in providing PCI DSS services to customers and can help your organisation on its way to achieving compliance.

We offer multiple services, including:

• PCI DSS Scoping Workshops – Helping your organisation in identifying your attestation requirements and scope (or scope reduction, if possible)
• PCI DSS Gap Analysis – Complete gap analysis services to help you identify non-conforming controls and remediation advice
• Self-Assessment Questionnaire (SAQ) completion assistance – Helping your organisation fill out the relevant SAQs correctly
• PCI DSS Implementation and Remediation assistance – helping your organisation interpret control or remediation requirements correctly
• Internal Audit – Helping your organisation meet Requirement 12.4.2 by assisting you with independent quarterly audit reviews
• Penetration Testing (Internal, Segmentation, External and Application)