assure, secure, advise

PCI DSS services

Phone us on: +44 (0) 0161 209 5111 - email: securetest@nccgroup.com

The Payment Card Industry Data Security Standard (PCI DSS) applies to all organisations that transmit, store, or process customer card data on their own network as ‘merchants’. It was introduced by the payment card industry collectively to protect cardholder data and reduce the card providers’ level of risk from credit card fraud and is enforced with fines and sanctions for non-compliance.

As a leading independent provider of security testing and training services we have extensive knowledge of PCI DSS, how it affects your organisation currently and the impact of future changes. We have worked with our clients to develop a range of PCI DSS services covering the full cycle of compliance.

We work with you to help you to understand and implement the security processes necessary to ensure compliance. We are accredited by the Payment Card Industry Security Standards Council – the governing body responsible for the PCI DSS – as an Approved Scanning Vendor (ASV) and a Qualified Security Assessor (QSA). This allows us to carry out the required network security scanning and also assess and confirm your compliance with the standard.

Our PCI DSS services include:

Scoping - we work with you to identify the full scope of the standard for your organisation and advise on how and where this could be reduced.

Gap analysis - we identify any areas of your systems, networks and business processes that need to be addressed to ensure you pass, before you embark on the full audit.

Internal / external network vulnerability scanning - we run the vulnerability scans which are required at least quarterly; the output is a comprehensive report which ranks vulnerabilities from 1 (lowest risk) to 5 (highest risk) and identifies any required remedial actions.

External penetration testing (ethical security testing) - we run the external penetration testing (ethical security testing) which is required for level one merchants at least annually.

Achieving compliance - we audit and certify your compliance, either by working with you to correctly complete the self-assessment questionnaire, or by conducting a full QSA audit.

Maintaining compliance - we review the work you have already completed, ensuring continuity in reporting, a quicker turn-around time for accreditation, and reduced costs.

For further information on our PCI DSS services, please use the contact us form here.

 

Why SecureTest?


Experienced team of expert penetration testers

Independent from suppliers of IT / security solutions

Jargon-free project reports which make clear recommendations

Our accreditations


CHECK

CREST


Web site © Copyright 2008 NCC Group - all rights reserved

SecureTest is the trading name of SecureTest Ltd (Registered in England CRN: 4627044). The ultimate holding company is NCC Group plc (Registered in England CRN: 4627044). Manchester Technology Centre, Oxford Road, Manchester, M1 7EF, United Kingdom