PCI Compliance Services

Achieve PCI compliance

PCI DSS - the fundamentals for merchants to be compliant.

Ensure payment card information is stored, processed and transmitted in a secure environment.


Why is PCI DSS important?

Payment card security ranks as one of the most important security concerns for consumers and for businesses that accept any type of card payment transaction, whether in person (card present) or online and over the telephone (card-not-present).

According to the Department for Digital, Culture, Media and Sport, just 37% of businesses have policies in place to control important security requirements, such as data encryption. The introduction of stricter data protection laws, such as GDPR, and increased regulatory scrutiny should focus organisations’ attention even more on PCI DSS compliance.

With the rise of the digital economy and online businesses, it’s crucial to have the right security and information controls in place to ensure customer payment information is secure.

What is PCI DSS Compliance?

Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements endorsed by the five most globally influential payment brands: Visa, Mastercard, JCB, Discover, and American Express.

It is a mandatory annual requirement for any business (merchant or service provider) which stores, processes or transmits payment card data, to attest their compliance with the standard. PCI DSS attestation demonstrates that your business uses and protects the confidential payment data of your customers in a safe and secure way, minimising risks associated with payment card fraud.

You will be asked by your bank to complete at least one of the following each year depending on your status and the type of payment channels in use:

Self-Assessment Questionnaire (SAQ)

SAQs are for merchants who are level 2 to 4 (based upon total transactions per annum) and level 2 service providers.

There are nine different SAQs and potentially much confusion as to which version should be used. PGI can assist with clarifying this, which can significantly reduce your compliance overheads.

SAQs include elements of independent attestation by a Qualified Security Assessor (QSA) if you wish to increase the validity of the report.

Report on Compliance (ROC)

ROCs are for level 1 merchants (6 million transactions a year) and level 1 service providers (300,000 transactions per year).

It is compulsory that a QSA completes this report and provides an independent confirmation of your compliance status.

ROCs must be accompanied by a completed Attestation of Compliance (AOC) report.

Why should your business become PCI DSS certified with PGI?


Compliance for your business with qualified experts

PGI is a Qualified Security Assessor (QSA) company, authorised by the PCI Security Standards Council (SSC) to assess compliance to the PCI DSS 3.2.1. This version has been mandatory since May 2018.

Trained and certified security consultants

Our world-class security consultants have been trained and certified by the SSC to carry out client assessments and provide guidance to entities who handle card data.

Tailored to your needs, regardless of your business' industry

Whether your company is a large multinational corporation or an SME, PGI can help you meet PCI DSS requirements. PGI offers 4 main services which guide an organisation through the whole compliance journey, or just a part of it, depending on your specific needs.

Achieving PCI DSS Compliance

Types of PCI DSS

At PGI, we’re here to support you as your business strives to achieve and maintain PCI DSS compliance. We offer four levels of support to ensure we’re meeting your needs, no matter where you are on your PCI DSS journey.

PCI Compliance Advice

We will provide expert validation of compliance scope, assessment for scope reduction, SAQ determination, and employee awareness and training sessions.

We will also identify pragmatic, best practice solutions to help your organisation become or remain compliant with PCI DSS.

PCI Gap Analysis

This service provides you with an understanding of where your organisation currently sits with respect to the requirements of PCI DSS.

Our consultants will review your existing policies, processes, and controls relevant to the cardholder data environment to determine your current level of compliance.

PCI Reporting

We will aid with the completion of required reports: SAQs or full QSA-led ROCs.

On completion of these reports, the consultant will also produce an Attestation of Compliance (AOC) to be signed by both the QSA conducting the audit work and an Executive Officer of your organisation.

Testing and maintaining PCI DSS Compliance

To remain PCI DSS compliant, companies must complete mandatory testing, which PGI can provide. This includes internal vulnerability assessments, and internal and external penetration and segmentation testing (where applicable).

Quarterly assessment of key controls and processes will also ensure that there are no unwanted non-compliance surprises for your annual re-attestation.

Product and pricing

Price: £ Request a price

Inclusive:

Comprehensive requirements assessment

Experienced and knowledgeable consultants

Full and detailed compliance reporting


Why choose PGI?

At PGI, we’re proud to be among a select group of assessors recognised and acknowledged by the PCI Security Standards Council (SSC) for expertise, experience, and professionalism in the field of payment card data security.

As approved Qualified Security Assessors (QSA), we assess compliance to the latest standard (currently PCI DSS 3.2.1), helping you to minimise the reputational and financial risks associated with non-compliance, and ensure you’re demonstrating an ongoing commitment to security.

PCI DSS knowledge hub

PGI’s Information Assurance (IA) team can provide expert QSA knowledge and experience to assist you with all of your information security and compliance requirements. Along with this service, consider viewing our other services, tools and blogs below.

Products & resources

Cyber Essentials NCSC advice

The top five technical tips to keep secure by the National Cyber Security Centre

Penetration Testing

Prevention of attacks, response to security breaches, business protection

Operators of Essential Services

Helping you navigate NISD compliance with ease

Blog posts

PCI DSS – ensuring ongoing

PCI DSS - raising the bar in 2018

PCI DSS – A terminology and acronym minefield


Want to purchase or need more information? Why not speak to one of our experts?

Choose a day and time and one of our team will be in touch.
Alternatively, call us on +44 (0)207 887 2699 or email us at clientservices@pgitl.com

©2019 PGI - Protection Group International Ltd. All rights reserved.
PGI - Protection Group International Ltd is registered in England & Wales, reg. no. 07967865
Address: Unit 13/14, Swallow Court, Sampford Peverell, Tiverton, England, EX16 7EJ