PCI Compliance Services
Achieve PCI compliance
PCI DSS - the fundamentals for merchants to be compliant.
Ensure payment card information is stored, processed and transmitted in a secure environment.
Why is PCI DSS important?
Payment card security ranks as one of the most important security concerns for consumers and for businesses that accept any type of card payment transaction, whether in person (card present) or online and over the telephone (card-not-present).
According to the Department for Digital, Culture, Media and Sport, just 37% of businesses have policies in place to control important security requirements, such as data encryption. The introduction of stricter data protection laws, such as GDPR, and increased regulatory scrutiny should focus organisations’ attention even more on PCI DSS compliance.
With the rise of the digital economy and online businesses, it’s crucial to have the right security and information controls in place to ensure customer payment information is secure.
What is PCI DSS Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements endorsed by the five most globally influential payment brands: Visa, Mastercard, JCB, Discover, and American Express.
It is a mandatory annual requirement for any business (merchant or service provider) that stores, processes or transmits payment card data to attest its compliance with the standard. PCI DSS attestation demonstrates that your business uses and protects the confidential payment data of your customers in a safe and secure way, minimising the risks associated with payment card fraud.
You will be asked by your bank to complete at least one of the following each year depending on your status and the type of payment channels in use:
Self-Assessment Questionnaire (SAQ)
SAQs are for merchants who are level 2 to 4 (based upon total transactions per annum) and level 2 service providers.
There are nine different SAQs and potentially much confusion as to which version should be used. PGI can assist with clarifying this, which can significantly reduce your compliance overheads.
SAQs can include elements of independent attestation by a Qualified Security Assessor (QSA) if you wish to increase the validity of the report.
Report on Compliance (ROC)
ROCs are for level 1 merchants (6 million transactions a year) and level 1 service providers (300,000 transactions per year).
It is compulsory that a QSA completes this report and provides an independent confirmation of your compliance status.
ROCs must be accompanied by a completed Attestation of Compliance (AOC) report.
Why should your business become certified with PGI?
About PCI DSS
Compliance for your business with
PGI is a Qualified Security Assessor (QSA) company, authorised by the PCI Security Standards Council (SSC) to assess compliance to the PCI DSS 3.2.1. This version has been mandatory since May 2018.
Trained and certified security consultants
Our world-class security consultants have been trained and certified by the SSC to carry out client assessments and provide guidance to entities who handle card data.
Tailored to your needs, regardless of your
Whether your company is a large multinational corporation or an SME, PGI can help you meet PCI DSS requirements. PGI offers 4 main services which guide an organisation through the whole compliance journey, or just a part of it, depending on your specific needs.
Achieving PCI DSS Compliance
At PGI, we’re here to support you as your business strives to achieve and maintain PCI DSS compliance. We offer four levels of support to ensure we’re meeting your needs, no matter where you are on your PCI DSS journey.
PCI Compliance Advice
We will provide expert validation of compliance scope, assessment for scope reduction, SAQ determination, and employee awareness and training sessions.
We will also identify pragmatic, best-practice solutions to help your organisation become or remain compliant with PCI DSS.
PCI Gap Analysis
This service provides you with an understanding of where your organisation currently sits with respect to the requirements of PCI DSS.
Our consultants will review your existing policies, processes, and controls relevant to the cardholder data environment to determine your current level of compliance.
We will aid with the completion of required reports: SAQs or full QSA-led ROCs.
On completion of these reports the consultant will also produce an Attestation of Compliance (AOC) to be signed by both the QSA who conducted the audit work and an executive officer of your organisation.
Testing and maintaining PCI DSS Compliance
To remain PCI DSS compliant, companies must complete mandatory testing, which PGI can provide. This testing includes internal vulnerability assessments, internal and external penetration testing, and segmentation testing (where applicable).
Quarterly assessment of key controls and processes will also ensure that there are no unwanted non-compliance surprises at your annual re-attestation.
Product and pricing
Comprehensive requirements assessment
Experienced and knowledgeable consultants
Full and detailed compliance reporting
Why choose PGI?
At PGI, we’re proud to be among a select group of assessors recognised and acknowledged by the PCI Security Standards Council (SSC) for expertise, experience, and professionalism in the field of payment card data security.
As approved Qualified Security Assessors (QSA), we assess compliance to the latest standard (currently PCI DSS 3.2.1), helping you to minimise the reputational and financial risks associated with non-compliance, and ensure you’re demonstrating an ongoing commitment to security.
PCI DSS knowledge hub
PGI’s Information Assurance (IA) team can provide expert QSA knowledge and experience to assist you with all of your information security and compliance requirements. Along with this service, consider viewing our other services, tools and blogs below.