The Payment Card Industry Data Security Standard (PCI DSS) is mandated by the major payment brands (MasterCard, Visa, Amex, JCB and Discover) for organisations that handle payment card data. The PCI DSS defines the minimum security controls needed to protect cardholder data. If you process, store, or transmit payment card data, you are required to comply with PCI DSS. Merchants that accept payment via debit or credit cards and service providers that process payment card data are required to comply with the standard.
Compliance with PCI DSS enables your organisation to meet its contractual obligations whilst protecting payment card data and reducing risks relating to fines and reputational damage.
Achieving PCI DSS compliance can be a challenging, confusing, and for some, expensive experience. Privasec can guide you through the process of understanding what to do and give you pragmatic choices about how to minimise compliance costs. Our PCI DSS Health Check is a high-level assessment, led by a registered PCI Qualified Security Assessor (QSA). Here is how the service works:
- One of our dedicated PCI QSAs coordinates workshops with your key SMEs to review your existing payment channels and supporting infrastructure, and to identify opportunities for scope reduction.
- Based on the preferred scope reduction option, the QSA assesses your current compliance status at a high level and works with you to create a tailored, practical approach to achieving PCI DSS compliance.
- A Health Check report is provided to you that outlines your current compliance status and key gaps, and details a strategy for meeting PCI DSS compliance. The QSA can also present that report to internal stakeholders and, if required, to your acquiring bank as well.