What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a compliance standard that defines data security requirements relating to the processing, storage or transmission of cardholder data.

PCI DSS Compliance | Consultancy and Compliance Services

The PCI DSS was first published in December 2004 by five major card brands – Visa, MasterCard, American Express, Discover and JCB.

In 2006, the card brands formed the PCI Security Standards Council (PCI SSC), an independent council established to maintain and update the PCI standards. The PCI DSS is now on its 4th major release.

The standard was agreed by the major card brands as a common, consistent and secure minimum level of protection to be applied by all organisations that process, store or transmit cardholder data to safeguard payment card data and payment card customers. PCI DSS applies to card payments accepted in person, over the phone or online.

PCI DSS was developed in response to the ever-increasing impact and cost of payment card fraud. By 2004, annual fraud losses on UK-issued cards had reached £504.8 million, but by 2011 losses had dropped to £341.0 million despite the continuing growth of card use and transaction volumes [1].

A large part of this drop can be attributed to the improved data security practices implemented by merchants as they achieved PCI DSS compliance.

Benefits of certification:

PCI DSS compliance reduces the risk of payment card fraud and ensures merchants protect their customers and their customers' sensitive data.

PCI DSS compliance means that customers and partners can trust the merchant to handle their payment card information appropriately, so customer confidence in the merchant is increased. A confident customer is more likely to use and return to that merchant's services, and more likely to recommend them to others.

PCI DSS compliance enhances a merchant's reputation amongst its peers, with acquirers and with the card brands.

Because PCI DSS is a data security standard, compliance also means that the merchant's systems are more secure, that security risks beyond those specific to cardholder data are also reduced, and that other information security regulations and standards can be complied with more easily.

Merchants may use PCI DSS as the basis for a comprehensive Information Security Management System for their organisation.


PCI Certification Process

Understand the process to obtain PCI DSS certification:

We work to understand your business to ensure that we provide guidance and support in the context of your organisational goals and operating environment. We need to know who you are, what the current status of your control environment is, and what your GRC drivers are.

We need to understand your business, its environment and its future plans, so that the GRC decisions made today remain valid tomorrow. This stage is often referred to as scoping, and it defines the boundaries of your required testing, assessment or consultancy.

Should you have any identified gaps, or should testing have revealed vulnerabilities, we can now work with you to design the correct remedial actions to close or compensate for them. This is done by engaging with us in a Trusted Advisor Service capacity, where we work together to design or improve your control framework.

Whilst doing this, we analyse and categorise the levels of risk to which your business is susceptible and identify where the greatest risks lie. We then use this data to provide key performance indicators (KPIs) for monitoring your progress, health and risk, expressed as a financial value that your executives will understand and be able to focus upon.

If you have engaged us to perform an assessment, this may be your entry point into our approach; if we have been consulting with you, we will already have been working with you to reach this point.

Even if you are only working with us on a single standard or regulation, such as PCI DSS, we will still assess you using our own GRC portal. We supply this either free of charge as a single-user version or, if you prefer, as a fully interactive multi-user version (quoted separately) that your staff can access and maintain as part of a continuous business as usual (BAU), keep the lights on (KTLO) model.

It has been stated several times in this document, but it is imperative that your GRC framework is maintained. Statistics show that, within a standard GRC model, 67% of companies fail at a second or subsequent assessment. They simply have not maintained their controls.

We work to ensure that you maintain your compliance by integrating your controls into your BAU/KTLO activities, and we design your control framework from the outset to be easily managed and monitored. During the Maintenance phase, Sysnet will build you a monitoring environment and toolset to ensure you do not fall out of compliance.
