Payment Card Industry (PCI)
THE CHALLENGE
More and more business is being conducted online, with consumers increasingly using e-commerce websites to buy essential goods and services. Consumers routinely provide online merchants with highly sensitive information, such as credit card details and other personal information, to facilitate these transactions.
However, as credit card details are high-value targets for fraudsters and cybercriminals (as witnessed by several high-profile data breaches), businesses must take the necessary steps to protect that information.
THE IMPORTANCE OF PCI DSS
To assist businesses with implementing the necessary protections, the Payment Card Industry Security Standards Council established the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a set of security requirements that businesses that handle credit card data (or do so on behalf of another company) must comply with. Organizations are expected to demonstrate their compliance with PCI DSS annually.
PCI DSS compliance is an essential step for any organization which handles credit card data as it helps to protect customer data, prevent fraud, maintain customer trust, and support organizational resilience.
HOW WE CAN HELP
Whether your organization is new to Payment Card Industry (PCI) compliance and needs some help getting started, or you’ve been doing it for a few years and are ready to comply with PCI DSS version 4.0, Richter can help fulfil your PCI needs.
PCI Readiness Assessment
If your organization is new to PCI compliance, Richter can identify and document the scope of your cardholder data environment: what payment processes are used, where payment card data is stored in your network, what systems come into contact with payment card data, what systems help to secure the data, and who is responsible for all of these aspects.
Once we have a good understanding of your PCI scope, annual credit card transaction volume and payment channels, our team of Qualified Security Assessors (QSAs) will conduct a readiness assessment to identify the gaps that may exist that would prevent you from being PCI compliant. Since even one non-compliant requirement would result in a non-compliant assessment, it’s important to get everything right before jumping in to the PCI validation.
PCI Advisory Services
If you have questions or PCI problems to solve, such as understanding the PCI implications of a new project or business initiative, or whether policies or procedures that you are developing will satisfy PCI DSS, Richter’s experienced team of QSAs can provide assistance.
PCI Validation – Self-Assessment Questionnaire (SAQ)
Once your organization is ready for the annual PCI validation, we can assist you in selecting the appropriate SAQ, which is determined based on how your organization accepts and processes credit card payments. We will then help you with assessing your cardholder data environment against the applicable SAQ. Our team of QSAs can perform the assessment activities on your behalf, or if you are comfortable doing this, we can review your assessment work and sign off as the assisting QSA Company.
We will also prepare the Attestation of Compliance, to be signed by an officer of your company, as well as Richter, attesting to the results of the self-assessment.
PCI Validation – Report on Compliance (ROC)
For merchants with a large volume of annual credit card transactions, that is, greater than 6 million per year, or service providers assisting with greater than 300,000 annual transactions, an onsite assessment by a QSA is required. This is a more thorough assessment than the SAQ assessment, and it results in a Report on Compliance. Our team of experienced Qualified Security Assessors will plan the assessment activities, verify the scope of the cardholder data environment, perform the validation, and issue the Report on Compliance.
We will also prepare the Attestation of Compliance, to be signed by an officer of your company, as well as Richter, attesting to the results of the onsite assessment.
