The major credit card issuers (Visa, MasterCard, Discover and American Express) created the PCI (Payment Card Industry) compliance standards to protect personal information and ensure security when transactions are processed using a payment card. PCI provides the guidelines that help merchants protect cardholder data.
What Does PCI DSS Compliance Mean?
In security terms, it means that your organization abides by the PCI Data Security Standard (DSS) requirements for security management, policies, procedures, network architecture, software design and other important protective measures. In operational terms, it means that your organization actively ensures its customers’ payment card data is kept safe throughout every transaction, and that both your organization and its customers are protected against the pain and cost of data breaches. (https://www.pcisecuritystandards.org/merchants/)
All members of the payment card industry (financial institutions, credit card companies and merchants) must comply with these standards if they wish to accept credit cards. Failure to meet the compliance standards can result in fines from credit card companies and banks, and even the loss of the ability to process credit cards.
Compliance is a continuing process, not a one-time project. It helps avert security breaches and theft of payment card data, not just today, but in the future:
As data compromise becomes increasingly sophisticated, it proves ever more difficult for an individual merchant to stay ahead of the threats; and
The PCI Security Standards Council is continuously working to monitor threats and improve the industry’s means of dealing with them, through enhancements to PCI Security Standards and by the training of security professionals.
Compliance has indirect benefits as well:
Through your efforts to comply with PCI Security Standards, you’ll likely be better prepared to comply with other regulations as they come along, such as HIPAA, SOX (Bill 198/CSA), etc.;
You will establish a foundation for a corporate security strategy; and
You may identify ways to improve the efficiency of your IT infrastructure.
If your organization is not compliant:
Compromised data negatively affects consumers, merchants, and financial institutions;
Just one incident can severely damage your organization’s reputation and its ability to conduct business effectively;
Account data breaches can lead to loss of sales, and depressed share price (for publicly traded organizations); and
Possible negative consequences also include lawsuits, cancelled accounts, payment card issuer fines and government fines.
The Litcom Approach
Litcom’s team of security professionals can provide your organization with the required expertise and knowledge to achieve compliance in a cost-effective manner. We also believe that compliance can be a major opportunity for organizations to manage and reduce information security risk. Our team of expert security consultants will help you achieve and maintain PCI compliance while looking at opportunities to reduce cost and operational risk.
Our services include:
PCI DSS Self-Assessment Questionnaire
Our team of security consultants will assist your organization in completing the PCI DSS Self-Assessment Questionnaire (SAQ). The PCI Data Security Standard Self-Assessment Questionnaire is a high-level validation tool intended to assist merchants and service providers in determining their compliance with the Payment Card Industry Data Security Standard (PCI DSS). There are multiple versions of the PCI DSS SAQ to cover the various scenarios and criteria defined by the PCI Security Standards Council.
PCI Compliance Gap Analysis, Strategy and Roadmap Definition
Our team of certified security consultants will assist your organization in developing a strategy and roadmap that outlines the detailed plan for achieving PCI compliance. This service includes a comprehensive gap analysis that strictly follows the PCI DSS guidelines. This engagement should be performed prior to an official PCI Audit.
PCI DSS Remediation Services
PCI remediation efforts can be challenging, arduous and costly if not properly planned. We offer a wide range of services to help your organization meet all 12 PCI DSS requirements, and we define custom solutions and the implementation of security controls to address your specific needs. Since there may be more than one way to address a PCI requirement, it is critical to get the right security advice for implementing controls that are effective, meet the PCI audit criteria and are cost-effective.
Contact Litcom today for more information at: firstname.lastname@example.org