information security pci dss

We help merchants and service providers achieve PCI DSS compliance.

Provide your customers with peace of mind. Ensure payment card information is stored, processed and transmitted in a secure environment.

PCI DSS Version 4.0 is now available; click here to learn what has changed.

Why is PCI DSS compliance important?

Payment card security ranks as one of the most important security concerns for consumers and businesses that accept all types of card payment transactions, either in person (card present) or online and over the telephone (card-not-present).

With the increasing importance of the digital economy and online businesses, it’s crucial to have the right security controls in place to ensure customer payment information is secure. This is even more important, with the introduction of stricter data protection laws, such as GDPR. This increased regulatory scrutiny should focus organisations’ attention even more on PCI DSS compliance.

What is PCI DSS compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements endorsed by the five most globally influential payment brands: Visa, Mastercard, JCB, Discover and American Express.

It is a mandatory annual requirement for any business (merchant or service provider) which stores, processes or transmits payment card data, to attest their compliance with the standard. PCI DSS attestation demonstrates that your business uses and protects the confidential payment data of your customers in a safe and secure way, minimising risks associated with payment card fraud.

What does PCI DSS compliance look like?

You will be asked by your bank to complete at least one of the following each year depending on your status and the type of payment channels in use.

Talk to us about your PCI DSS compliance today

Our consultants will work with you to understand what you need and how best to implement it, to keep costs down.

I'm ready to talk about PCI DSS
  • Self-Assessment Questionnaire (SAQ)

    PGI’s Qualified Security Assessors (QSAs) can help you identify which SAQ is right for your organisation. SAQs are for merchants who are level 2 to 4 (based upon total transactions per annum) and level 2 service providers. There are nine different SAQs and potentially much confusion as to which version should be used. SAQs include elements of independent attestation by a QSA if you wish to increase the validity of the report.

  • Report on Compliance (ROC)

    Level 1 merchants (6 million transactions a year) and level 1 service providers (300,000 transactions per year) must submit an annual ROC. It is compulsory that a QSA completes this report and provides an independent confirmation of your compliance status. ROCs must be accompanied by a completed Attestation of Compliance (AOC) report.

How PGI can help you achieve PCI DSS compliance

Outsourcing your PCI DSS compliance requirements provides peace of mind and ensures internal staff can concentrate on your core operations. Our Information Assurance consultants can scope your requirements, identify areas that require improvement, implement security measures, undertake auditing and reporting functions, and help you remain compliant.

Regardless of its current position on the PCI DSS journey, we can support your organisation to meet its compliance needs:

  • Scope validation: Is your scope correct? Read more Read less

    A PCI DSS scope validation ensures your organisation has correctly evaluated in-scope systems, people and processes. Conversely, it can also confirm that you are not over-reporting, which saves time and reduces costs.

    Our team can provide expert validation of compliance scope, assessment for scope reduction, Self-Assessment Questionnaire (SAQ) determination, and employee awareness and training sessions.

    Learn more

  • Gap analysis: Don't spend what you don't need to Read more Read less

    Understanding where your organisation currently sits with respect to the requirements of PCI DSS can be used to facilitate effective project planning, resource forecasting and budgeting.

    Our team can undertake a gap analysis to gain an in-depth understanding of where efforts should be focused, by reviewing existing policies, processes, and controls relevant to the cardholder data environment to determine your current level of compliance.

    Learn more

  • Implementation: Focus on your core operations, while we take care of PCI DSS Read more Read less

    Assistance from an external Qualified Security Assessor (QSA) in implementing PCI control measures ensures that the measures are pragmatic and appropriate. Our team can put in place—or help your team put in place—the control measures that ensure compliance with PCI DSS.

  • Audit and compliance reporting: Peace of mind Read more Read less

    We can support your organisation with the completion of the required reports—either SAQs or a full QSA-led Report on Compliance (ROC). This ensures peace of mind, particularly around the credibility of the content.

    Learn more

  • Staying PCI compliant: Long-term peace of mind Read more Read less

    To reduce the likelihood of ‘next year non-compliance’ syndrome, PGI’s PCI DSS consultants can assist you with maintaining and continuously improving security. To remain compliant, companies must complete mandatory testing, which PGI can provide. This includes internal vulnerability assessments as well as internal and external penetration testing and segmentation testing (where applicable).

    We can also help in reviewing business or system changes and the impact these have on your PCI scope and reporting requirements.

    Learn more

Are you aware of the changes for PCI DSS V4.0?

Take a look at our quick overview

Read now

Why choose PGI to help you become PCI DSS compliant?

At PGI, we’re proud to be among a select group of assessors recognised and acknowledged by the PCI Security Standards Council (SSC) for expertise, experience, and professionalism in the field of payment card data security.

As approved Qualified Security Assessors (QSA), we assess compliance to the latest standard (currently PCI DSS 3.2.1), helping you to minimise the reputational and financial risks associated with non-compliance, and ensure you’re demonstrating an ongoing commitment to security.


  • Remote or onsite Read more Read less

    Our PCI DSS consulting services can be undertaken onsite or remotely, dependent upon your safety and risk management processes.

  • Trained and certified security consultants Read more Read less

    Our world-class security consultants have been trained and certified by the SSC to carry out client assessments and provide guidance to entities who handle card data.

  • Tailored to your needs Read more Read less

    Whether your company is a large multinational corporation or an SME, PGI can help you meet PCI DSS requirements. Solutions are affordable because they are proportionate only to a client’s needs, not a blanket approach.

  • Vendor-neutral advice Read more Read less

    PGI are vendor-neutral, so we will always act in your best interests when assessing your risks and offering a solution.

  • Global and cross-sector experience Read more Read less

    PGI are made up of personnel with backgrounds in cyber security, law enforcement, intelligence, the military and academia and have implemented information security measures across a wide range of industries in more than 50 countries.

Want to find out more?

Contact Us:

t: +44 20 4566 6600