PCI Compliance

Recent years have seen an explosion of data breaches involving the loss of credit card details and other payment data. As more and more organisations move into the mobile and online payments arena the need for a structured approach intensifies.

Integrity360’s GRC Practice has PCI-DSS experts who specialise in the internal analysis of risks to cardholder data and can help prepare organisations for full PCI-DSS certification as required by their acquiring banks or card issuers. The team have both the financial and technical knowledge to identify gaps in your systems and recommend technical and organisational improvements.

The Payment Card Industry Data Security Standard (PCI-DSS) is a complicated mix of best practices, technologies, policies and operational procedures. While all merchants and service providers are required to comply with all 220+ items in the standard, there is sufficient flexibility to allow each covered entity to comply in the manner that best suits the organisation. However, this flexibility also creates an opportunity to misinterpret the requirements, resulting in a false state of compliance.

By engaging Integrity360 as your PCI compliance partner, you will gain access to Integrity360’s expertise in validating your current compliance state. Beyond this initial evaluation, we also provide detailed recommendations in the form of individual projects that are necessary in order to come into compliance.

Our expertise in designing and implementing security technologies ensures that our recommendations are based on realistic expectations for security and ongoing management, while minimising the impact on the business.

Our approach starts with understanding your business environment and your objectives. The aim is for our consultants to become an extension of your team and to recommend how to comply with the DSS while minimising the intrusion on established business operations. They will spend sufficient time with your IT staff and business leadership to learn the ways in which your company interacts with cardholder data, and during this time they will measure your current compliance with each of the requirements in the standard.

With “current state” information at hand, we will analyse all of the gaps in your compliance program and make targeted, detailed and realistic recommendations to address each gap. The outcome of this analysis is a final report that embodies the remediation program necessary to come into compliance.

If your organisation electronically holds, transmits or processes credit card information, regardless of how that information was acquired, then it is required by the Payment Card Industry (PCI) to comply with its Data Security Standard (DSS).

Build and maintain a secure network

Protect cardholder data

Maintain a vulnerability management program

Implement strong access control measures

Regularly monitor and test networks

Maintain an information security policy