Emerging threats
Provide your customers with peace of mind
Payment card security ranks as one of the most important security concerns for consumers and businesses that accept card payment transactions, either in person (card present) or online and over the phone (card not present).
We help merchants and service providers to achieve PCI DSS compliance, ensuring that payment card information is stored, processed and transmitted in a secure environment.
What is PCI DSS compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements endorsed by the six most globally influential payment brands: Visa, Mastercard, JCB, Discover, UnionPay and American Express.
It is a mandatory annual requirement for any business (merchant or service provider) which stores, processes or transmits payment card data, to attest their compliance with the standard. PCI DSS attestation demonstrates that your business uses and protects the confidential payment data of your customers in a safe and secure way, minimising risks associated with payment card fraud.
We have prepared a shareable PDF which you can download here: When your organisation needs to be PCI DSS compliant
What does PCI DSS compliance look like?
You will be asked by your bank to complete at least one of the following each year depending on your status and the type of payment channels in use.
Self-Assessment Questionnaire (SAQ)
Our Qualified Security Assessors (QSAs) can help you identify which SAQ is right for your organisation. SAQs are for merchants who are level 2 to 4 (based upon total transactions per annum) and level 2 service providers must complete SAQ D. There are ten different SAQs and potentially much confusion as to which version should be used. SAQs include elements of independent attestation by a QSA if you wish to increase the validity of the report.
Speak to an expertReport on Compliance (ROC)
Level 1 merchants and service providers must submit an annual ROC. It is compulsory that a QSA completes this report and provides an independent confirmation of your compliance status. ROCs must be accompanied by a completed Attestation of Compliance (AOC) report.
Speak to an expertBusiness as Usual (BAU)
Maintaining compliance is just as important as achieving it in the first place; companies must complete frequent and regular testing of controls to do this. PGI's PCI experts can support all year round on a range of services, including internal vulnerability assessments, internal and external penetration testing, and include segmentation testing (where applicable). We can also review your environment or system changes that would have an impact on your PCI scope and compliance reporting.
Speak to an expertLet the experts take charge of your PCI DSS compliance
Our PCI DSS experts provide peace of mind and ensure your internal staff can concentrate on core operations. Our QSAs can scope your requirements, identify areas that require improvement, implement security measures, undertake auditing and reporting functions, and help with your compliance activities.
Regardless of your current position on the PCI DSS journey, we can support your organisation to meet your compliance needs:
Scope validation: Is your scope correct?
PCI DSS scope validation ensures your organisation is evaluated against the correct SAQ reporting standard, which entails in-scope systems, people and processes. Conversely, it can also confirm that you are not over-reporting, which saves time and reduces costs.
Gap analysis: Don't spend what you don't need to
Our PCI DSS experts can support on your gap analysis assessment to provide you with an in-depth understanding of where your efforts should be focused, by reviewing existing policies, processes, and controls relevant to the cardholder data environment to determine your current level of compliance.
Consultancy: Focus on your core operations, while we take care of PCI DSS
Assistance from our Qualified Security Assessors (QSA) in supporting PCI control to ensure that measures are pragmatic and appropriate. Our team can support your organisation to meet the PCI DSS control(s) to ensure compliance with PCI DSS 4.0.
For SAQs, our team can provide expert validation on your compliance scope, help assess your scope for potential reduction, Self-Assessment Questionnaire (SAQ) determination, and employee awareness and training sessions.
Audit and compliance reporting: Peace of mind
We can support your organisation to achieve compliance—either with the correct SAQ or a full Report on Compliance (ROC). This ensures peace of mind, particularly around the credibility of the content.
Technical reporting: ASV Scanning
To remain compliant with PCI DSS, a successful ASV scan must be conducted quarterly (i.e., every three months) and after any significant changes to the network (e.g., new system installations, changes in network topology). There is no need for multiple suppliers and procurement processes, PGI's security experts can provide ASV Scans to fit your timelines.
Book your scan nowStaying PCI compliant: Long-term peace of mind
To reduce the likelihood of ‘next year non-compliance’ syndrome, our PCI DSS consultants can assist you with maintaining and continuously improving security. This includes further services, such as internal vulnerability assessments as well as internal and external penetration testing and segmentation testing (where applicable).
We can also help in reviewing business or system changes and the impact these have on your PCI scope and reporting requirements.
Why choose PGI to help you become PCI DSS compliant?
At PGI, we’re proud to be among a select group of assessors recognised and acknowledged by the PCI Security Standards Council (SSC) for expertise, experience, and professionalism in the field of payment card data security.
As approved Qualified Security Assessors (QSA), we assess compliance to the latest standard (currently PCI DSS 4.0), helping you to minimise the reputational and financial risks associated with non-compliance, and ensure you’re demonstrating an ongoing commitment to security.
Our PCI DSS consulting services can be undertaken onsite or remotely, dependent upon your safety and risk management processes.
Speak to an expertWe build long-range digital resilience using tech-assisted human insight.
Find out how we can help you strengthen your digital security
Speak to an expertDigital Investigations, Cyber security and Capacity Building
Detect
We work at the cutting edge of threat detection, continually scanning the horizon for next-generation risks.
Protect
Whether you use the term cyber security, digital security, or technical security, we believe in providing simple, effective and affordable solutions that fit your requirements.
Build
Our globally trusted Build team develops long-term digital resilience for national governments, NGOs, institutions and corporates.