The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. It is the worldwide benchmark that helps safeguard customers’ payment card data.
The PCI DSS applies to any organisation, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data.
To achieve PCI DSS compliance, you will need to align your processes and operations to the standard. You will need to engage a Qualified Security Assessor (QSA) to conduct an audit. QSA is a designation conferred by the PCI Security Standards Council on individuals who meet specific information security education requirements, have taken the appropriate training from the PCI Security Standards Council, and are employees of an approved organisation.
You are responsible for looking after your customers’ card data, regardless of who processes the data on your behalf, and PCI DSS is something that you must do by law.
Customers expect that when they make a payment to your company or organisation, their details will remain secure. Being compliant with PCI DSS shows that you are doing your best to keep your customers’ valuable information safe and secure and out of the hands of people who could use that data in a fraudulent way.
If you suffer a data breach and you are not PCI DSS compliant, you could incur card scheme fines and may be liable for the fraud losses incurred against these cards and the operational costs associated with replacing the accounts. The reputational damage may mean your customers won’t want to do further business with you.
“Ascentor have helped us enormously. They brought a lot of experience and knowledge to the process: knowledge of the PCI process, standards and requirements but also technical knowledge. This was really, really valuable. It meant that rather than coming up with a technical solution in a vacuum and then having it not meet the requirement, they could advise us on the right approach, one that would be successful.”
Customer Services Direct (CSD), Ipswich
Becoming PCI DSS compliant can be complex and expensive if not approached carefully. Ascentor can provide PCI DSS consultancy support to make your journey easier. Our approach is thorough and robust – we look at your business as a whole, striving to make PCI fit your business, not making your business fit PCI.
We start with our tried and tested Gap Analysis, a four-step process that will arm you with the knowledge to make business decisions regarding improvements and related resources.
On completion of an Ascentor Gap Analysis, you will understand where you are today, what needs to be done and an outline plan of how to achieve it. We can then support identified remediation activities.
Once we are satisfied you have reached a compliant position, we work with you to arrange a QSA to conduct an audit. We can provide ongoing post-certification support to discuss the effect of new developments on continued compliance.
Your cyber security challenges and our pragmatic approach – we could be the perfect fit. Contact Dave James, MD at Ascentor, for an informal chat.