PCI DSS

PCI DSS (Payment Card Industry Data Security Standard)

It is the result of the efforts of the PCI Security Standards Council (PCI SSC) formed by the main payment card issuers (Visa, Mastercard, American Express, JCB and Discover).

PCI DSS helps businesses, service providers and banks reduce the risk of cardholder data leakage by protecting the infrastructure (every element involved in the ecosystem) that processes, transmits or stores credit card data.

Any organization that participates in the processing, transmission or storage of payment card information must comply with the requirements of the PCI DSS standard for the purpose of protecting the card data of its customers.

BENEFITS

Complying with a PCI DSS certification guarantees you many benefits:

  1. Strengthening the security of other processes and means of payment: The requirements of the PCI DSS standard cut across the organization and help protect, for example, PSE transfers and B2B payments.
  2. Protection of reputation and business image: A compromise of card information has consequences for the reputation and image of the brand. PCI DSS helps protect the brand from potential incidents.
  3. Risk reduction by implementing controls that mitigate the risk of a possible data leak.
  4. Increased customer confidence: PCI DSS compliance is a letter of introduction to the card payments industry, building trust with customers and the wider ecosystem.
  5. Creation of a culture of security in the organization.

SERVICES:

How do we do it?

1. Compliance and definition of the scope

Don't wait until it breaks... do it better! It is always better to stay ahead and detect opportunities to implement better processes, methodologies and technologies in security for your clients and your business.

The first step to COMPLY with the PCI DSS requirements is to perform an analysis identifying the system components (applications, databases, servers, network equipment, etc.) involved in the processing, storage and/or transmission of card data within the organization.

2. Flow Survey

This service allows you to identify where cardholder data is currently stored in your organisation, in order to optimise the scope of your PCI DSS certification.

This is achieved by identifying the processes or flows where card data is stored, processed or transmitted depending on the role that the entity performs in the card payments industry.

3. Inventories

Identify the system components involved in the cardholder data environment.

4. Network Follow-Up

The network segments involved in the card data environment and those that connect to the CDE (cardholder data environment) are identified, in order to define scope reduction strategies at the network level and the necessary controls to isolate the cardholder data environment.

5. Service supplier identification and responsibility matrix

The service providers with whom card information is shared or that impact the security of the data environment are listed, and the controls that are the responsibility of the supplier and the organization are identified.

6. Retention Tables

These tables list the repositories that contain PAN (Primary Account Number) card data, together with their location, protection method, retention time and method of destruction.

7. GAP

Or gap analysis, whichever you prefer. It is the step you must take as an organization to learn the status of your current practices against the PCI DSS security standard requirements, by performing a gap analysis.

It provides a detailed comparison of what your organization is currently doing, identifying areas of non-compliance that must be resolved before a formal compliance validation against the standard.

To conduct a correct gap analysis we use the following methodology:

  1. Start
  2. Definition of Scope
  3. Interview planning
  4. Required interviews
  5. Analysis of results
  6. Consolidation
  7. GAP Report
  8. End

8. Action Plan

Based on the GAP findings, we validate the action plan to close the gaps by accompanying and monitoring the process.

We objectively support the findings as our services do not compromise our independence of judgment as a QSA organization.

9. Compliance evaluation

Some organisations stand out in the compliance evaluation, and others don't: which one do you want to be?

The most notable are those that focus their efforts on defining controls for the protection of cardholder data and/or sensitive authentication data during processing, storage and/or transmission.

The evaluation will focus on validating whether the card data storage, processing or transmission processes comply with PCI DSS standard requirements.

Our methodology

  1. Start
  2. Scope Validation
  3. Evidence collection
  4. Planning of the on-site evaluation
  5. Perform the on-site evaluation
  6. Generate ROC and AOC
  7. End

This is what we DO in your organisation to comply with PCI regulations:

Compliance follow-up

We support the organization in its compliance monitoring process, so that the controls of the PCI DSS standard are carried out as part of its business-as-usual (BAU) activities, through quarterly validations.

SAQ compliance verification

We support businesses and service providers in validating compliance by means of the SAQ (Self-Assessment Questionnaire), accompanying them through scope definition, diagnosis, action plan and validation of the applicable PCI DSS requirements.

Third-Party Compliance

We support organisations in validating suppliers or third parties, identifying the applicable requirements of the standard according to the services they render and verifying their compliance.

Project Management

We work with your organisation's Project Manager to ensure that the PCI DSS scope fulfils its purpose and adds value to your organisation.

Your mission:

Start your PCI DSS compliance evaluation NOW and begin protecting your customers' information.