The Payment Card Industry Data Security Standard (PCI DSS) applies to all merchants and service providers that process, transmit or store cardholder data. If you handle card payments, you have to comply – or risk suffering financial penalties or even the withdrawal of your facility to accept card payments by your bank.
Compliance with the Standard is notoriously complicated – as proven by Verizon’s 2015 PCI Compliance Report, which found that 80% of companies do not meet the PCI DSS‘s 12 requirements at the interim assessment of their security arrangements. “This indicates that they’ve failed to sustain the security controls they put in place.”
Compliance requirements for merchants and service providers differ depending on a number of factors, including the size of the organisation and the volume of transactions it undertakes. The criteria that a merchant or service provider has to meet are set by the individual payment brands (Visa, American Express, MasterCard, etc.), each of which has its own compliance programme and criteria for compliance. Small wonder, then, that so few companies pass their interim assessment.
Determine the state of your compliance with the Standard
A PCI DSS gap analysis determines an organisation’s current compliance levels and outlines the specific steps needed to achieve full compliance with the Standard. It includes a detailed review of compliance activities, using tools such as on-site interviews with key staff, an assessment of the in-scope system components and configurations, and a physical and logical data flow analysis, in addition to examining out-of-scope components.
IT Governance Ltd is an authorised PCI Qualified Security Assessor (QSA). Our PCI DSS Gap Analysis service provides a detailed review of your current PCI compliance posture and produces a strategic roadmap that can be implemented to achieve full compliance with the Standard.