Ensure payment card information is stored, processed and transmitted in a secure environment.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements endorsed by the five most globally influential payment brands: Visa, Mastercard, JCB, Discover and American Express.
Any business (merchant or service provider) that stores, processes or transmits payment card data is required to attest its compliance with the standard every year. PCI DSS attestation demonstrates that your business uses and protects the confidential payment data of your customers in a safe and secure way, minimising risks associated with payment card fraud.
You will be asked by your bank to complete at least one of the following each year depending on your status and the type of payment channels in use.
ROCs are for level 1 merchants (6 million transactions a year) and level 1 service providers (300,000 transactions per year). A Qualified Security Assessor (QSA) must complete this report and provide an independent confirmation of your compliance status. ROCs must be accompanied by a completed Attestation of Compliance (AOC) report.
SAQs are for merchants who are level 2 to 4 (based upon total transactions per annum) and level 2 service providers. PGI can assist with clarifying this, which can reduce your compliance overheads. SAQs include elements of independent attestation by a QSA if you wish to increase the validity of the report.
Payment card security ranks as one of the most important security concerns for consumers and businesses that accept all types of card payment transactions, either in person (card present) or online and over the telephone (card-not-present).
According to the Verizon 2019 Payment Security Report, only 36.7% of organisations globally were actively maintaining payment security compliance. The introduction of stricter data protection laws, such as GDPR, and increased regulatory scrutiny should focus organisations’ attention even more on PCI DSS compliance.
With the increasing importance of the digital economy and online businesses, it’s crucial to have the right security controls in place to ensure customer payment information is secure.
These PCI DSS services are some of our advisory & consulting offerings:
Gap Assessment And Remediation Advisory
Technical Evidence Automation
QSA Services & Business As Usual Monitoring