Take your compliance journey with us
The Payment Card Industry Data Security Standard (PCI DSS) applies to all businesses that store, process or transmit cardholder data. Businesses that do not comply with this standard risk being fined or having their card processing capability withdrawn.
More importantly, though, without these relatively basic information security controls in place there is a very real potential for a security breach resulting in cardholder data loss, along with the financial penalties and reputational damage that go with it.
The full PCI DSS extends to over 300 individual requirements; however, depending on how many card records you are exposed to each year, and through which channels, not all of them may apply to your business.
If you are a merchant handling 6 million or more card transactions or records per year, you are categorised as Level 1 and are required to be formally assessed by a PCI Qualified Security Assessor (QSA) each year. Below this number, you are required to submit an annual Self-Assessment Questionnaire (SAQ) instead.
If you are a Service Provider offering services to merchants or other service providers that require you to be PCI DSS compliant, the levels are different. You will need a QSA to produce your Report on Compliance (RoC) once you are processing over 300,000 transactions per year. Below this threshold, you can self-assess.
The following table breaks down the PCI DSS levels for Merchants.

| Level | Transactions per year |
|---|---|
| Level 1 | More than 6,000,000 |
| Level 2 | 1,000,000 to 6,000,000 |
| Level 3 | 20,000 to 1,000,000 |
| Level 4 | Below 20,000 |

PCI DSS Levels for Service Providers

| Level | Transactions per year |
|---|---|
| Level 1 | More than 300,000 |
| Level 2 | Up to 300,000 |
We provide services that cover the full range of PCI DSS, top to bottom. Have a look below or get in touch to discuss your requirements in more detail.
Every business is different and most of the devil of compliance is in the detail. Let our consultants work with you to identify the most pragmatic solutions for your business.
Requirement 11.3 requires you to define a penetration testing methodology and to perform testing at least annually and after any significant change.
Requirement 6.5 states that compliant organisations must train their developers in secure coding techniques.
If PCI DSS is new to you it can be overwhelming. 4ARMED removes the headache by breaking down the standard and explaining how it fits for your organisation.
Make effective use of your time by engaging our expert consultants to power through the gap analysis, identify remediation steps and help you develop and implement compliant processes and documents, right first time.
Take advantage of our experience by letting us do the things we're good at and allowing you to focus on the business-specific items you need to address.
Template PCI DSS policies and documentation, years of implementation experience, and completion of your Self-Assessment Questionnaire: there is no quick fix for PCI DSS, but this is the closest you'll get.
Want to discuss your requirements further? Wondering whether PCI DSS compliance is right for your business? There's an easy way to find out: give us a call or complete the contact form below to tell us where you're at, and we will work with you to find the best solution for you.