PCI Security Standards Audits

PCI Security Standards

Why It's Important

Credit card fraud in the US is at an all-time high. The PCI DSS standard establishes a framework by which organizations can protect their cardholder data environment. By complying with PCI requirements, merchants and service providers can reduce the risk of a breach, gain competitive advantage, and increase their credibility.

How We Can Help

Our PCI engagements focus on managing the full life cycle of our client’s certification process for their cardholder data environment. CompliancePoint offers a full suite of services to assist organizations with all aspects of their compliance effort.

CompliancePoint's services related to PCI Security Standards include the following:

  • PCI DSS

    The PCI Data Security Standard (PCI DSS) applies to major credit card providers, and is intended to protect cardholder data. To achieve PCI DSS compliance, all members, merchants and service providers must adhere to this standard, which offers a single approach to safeguarding sensitive data for all card brands.

  • PCI PA-DSS

    The Payment Application Data Security Standard (PA-DSS) applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed, or licensed to third parties.

  • Point-to-Point Encryption (P2PE)

    Point-to-Point Encryption, also known as end-to-end encryption, is an emerging technology that is used to protect sensitive credit card data from point of swipe, while in transit, all the way to the payment processor. This type of protection is critical as hackers increasingly focus on stealing credit card data while it is in transit. As a QSA P2PE, CompliancePoint is one of a very select group of PCI compliance certification firms authorized to certify to P2PE standards.

  • Experian Independent 3rd Party Assessment (EI3PA)

    EI3PA is an annual assessment of Experian's 3rd Party Processors' ability to protect Experian's Personally Identifiable Information (PII) data. If you are a company processing, storing, or transmitting PII provided by Experian, you may be required to have your systems assessed by a QSA to determine how well you are protecting this information externally and internally from unauthorized users.

  • Network Vulnerability Scanning & Penetration Testing

    These services verify that the network is secure and are a necessary step for compliance with various industry and regulatory standards.


  • Policies & Procedures

    Every organization needs written policies and procedures that clearly define the company’s methods for protecting information and data assets.


  • Daily Logging & Monitoring

    CompliancePoint will design and implement a log management solution that fits your regulatory log retention requirements. The design will ensure that devices log the required information, that the logs are consolidated in a secure central repository, and that the logs are automatically moved to near-line or offline storage for worry-free long-term retention.

  • Security Awareness Training

    Employees who are not trained in or generally aware of information security can be the weakest link in your organization. Many industries require a continuing employee education program and proof of performance.


  • Security Consulting

    Our Security Consultants understand the risks involved and the security processes and procedures that should be implemented. These services can be related to any aspect of information security such as technology, policy and procedures, network design, disaster recovery, and more.


Outlined below are the key activities, deliverables, and milestones for ensuring the organization's PCI compliance and certification:

  • PHASE I: Gap Assessment

    Our team will review and analyze current policies, procedures, and initiatives relevant to the organization’s debit/credit/payment transaction environment or payment application design. All significant third-party outsourcers and managed service providers will be reviewed as well.

  • PHASE II: Gap Report & Remediation Plan

    After the gap analysis report is developed and delivered, our team will conduct a joint review of the findings and recommendations. Additionally, our team will create a remediation and implementation project plan.

  • PHASE III: Audit & Reporting

    Once the assessment and report of the organization’s PCI compliance is complete, our team will issue or validate the appropriate compliance certificate.
