Date Added: 12th February 2016
Tags: PCI DSS
The client is a world-renowned museum based in the UK with multiple payment channels: physical point-of-sale (POS) devices at the tills, phone payments for donations, and ticket and merchandise purchasing through an Internet store.
The client was required by their acquirer to achieve PCI DSS compliance but was struggling to decipher the different requirements of the PCI DSS, understand which Self-Assessment Questionnaires (SAQs) they needed to complete, and work out how to implement the controls mandated by the standard.
4ARMED conducted an initial cardholder data flow mapping to identify where card payment data was present in their business environment. Based on this information we selected the relevant SAQs that mapped to the identified payment channels and began a short gap analysis.
The gap analysis is a methodical process of working through the requirements of each SAQ and identifying any existing documentation and processes that would meet the requirement. If there are none, this is marked as a gap. Upon completion, a High Level Plan was drafted and our client engaged us for follow-up activities through a call-off consultancy agreement.
These activities included the introduction of a number of new processes, all documented by 4ARMED, along with policies, and the recommendation and oversight of technical changes to network devices and the POS terminals. 4ARMED also completed the SAQs and assisted with the delivery of these to the acquirer.
It was hugely satisfying to us to help our client work through this PCI DSS programme and achieve the result they needed.