PCI DSS COMPLIANCE
Do you know what you gain with PCI DSS compliance?
Security for your customers and your business
PCI DSS (Payment Card Industry Data Security Standard)
It is the result of the efforts of the PCI Security Standards Council (PCI SSC) formed by the main payment card issuers (Visa, Mastercard, American Express, JCB and Discover).
PCI DSS helps merchants, service providers and banks reduce the risk of cardholder data leakage by protecting the infrastructure (every element involved in the ecosystem) that processes, transmits or stores payment card data.
Any organization that participates in the processing, transmission or storage of payment card information must comply with the requirements of the PCI DSS standard for the purpose of protecting the card data of its customers.
Complying with a PCI DSS certification guarantees you many benefits:
How do we do it?
Compliance and definition of the scope:
Don't wait until it breaks: do it better! It is always better to stay ahead and identify opportunities to implement better security processes, methodologies and technologies for your clients and your business.
The first step to COMPLY with the PCI DSS requirements is to perform an analysis identifying the system components (applications, databases, servers, network equipment, etc.) involved in the processing, storage and/or transmission of card data within the organization.
Flow Survey
This service allows you to identify where cardholder data is currently stored in your organisation, in order to optimise the scope of your PCI DSS certification.
This is achieved by identifying the processes or flows where card data is stored, processed or transmitted depending on the role that the entity performs in the card payments industry.
Inventories
Identify the system components involved in the cardholder data environment.
Network Follow-Up
The network segments involved in the card data environment and those that connect to the CDE (cardholder data environment) are identified, in order to define scope reduction strategies at the network level and the necessary controls to isolate the cardholder data environment.
Service suppliers identification and responsibility matrix
The service providers with whom card information is shared or that impact the security of the data environment are listed, and the controls that are the responsibility of the supplier and the organization are identified.
Retention Tables
They record the repositories that contain PAN (Primary Account Number) data, with the location of each, its protection method, retention period and method of destruction.
GAP
Or "breach", whichever you prefer. It is the step you must take as an organization to know your compliance status, comparing current practices against the PCI DSS security standard requirements by performing a gap analysis.
It provides a detailed comparison of what your organization is currently doing, identifying areas of non-compliance that must be resolved before a formal compliance validation against the standard.
To conduct a correct gap analysis we use the following methodology:
5. Analysis of results
6. Consolidation
7. GAP Report
8. End
Action Plan
Based on the GAP findings, we validate the action plan to close the gaps, accompanying and monitoring the process.
We support the remediation of findings objectively, as our services do not compromise our independence of judgment as a QSA organization.
Compliance evaluation
Some organisations stand out in the compliance evaluation, and others don't: which one do you want to be?
The most notable are those that focus their efforts on defining controls to protect cardholder data and/or sensitive authentication data during processing, storage and/or transmission.
The evaluation focuses on validating whether the processes that store, process or transmit card data comply with the PCI DSS requirements.
Our methodology
5. Perform on-site evaluation
6. Generate ROC and AOC
7. End
This is what we DO in your organisation to comply with PCI regulations:
We support the organization in its compliance monitoring process so that the PCI DSS controls are carried out as part of its business-as-usual (BAU) activities, through quarterly validations.
We support merchants and service providers in validating compliance by means of the SAQ (Self-Assessment Questionnaire), accompanying them through scope definition, diagnosis, action plan and validation of the applicable PCI DSS requirements.
We support organisations in validating suppliers or third parties, identifying the applicable standard requirements according to the services they render and verifying their compliance.
We work with your organisation's Project Manager to ensure that the PCI DSS scope fulfils its purpose and adds value to your organisation.
Start your PCI DSS compliance evaluation NOW and begin protecting your customers' information.