What is PCI DSS compliance?
We perform audits and consultation to get you certified for PCI DSS compliance.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of comprehensive requirements for enhancing payment account data security. This standard is used globally and was developed by the major card brands (Mastercard, VISA, American Express, Diners and JCB) to help facilitate the broad adoption of consistent data security measures in order to prevent fraud and theft of payment card data.
PCI DSS consists of a large number of technical and organisational security measures, all aimed at providing the highest level of security for the processing and storage of credit card information. So, if your business accepts, stores, or transmits card data, or outsources these functions, PCI DSS compliance validation is required by the card brands and in turn, your acquiring bank.
Why become PCI compliant?
Apart from being a mandatory requirement, there are several good reasons to be PCI compliant. These are:
MAINTAIN TRUST AND REPUTATION
By avoiding financial disaster and negative publicity associated with a security breach, PCI Compliance helps your organisation maintain trust and reputation, and meet the business requirements of partners and customers.
PEACE OF MIND
Reassurance that threats from cyber criminals, internal threats and malware are being dealt with.
AVOID FINES
Being compliant may provide a safety net against hefty fines and rigorous requirements if your organisation is breached.
HELPS COMPLY WITH NEW LEGISLATION
Such as the General Data Protection Regulation (GDPR) which regulates the processing of personal data in the EU.
CONSTANT IMPROVEMENT
The PCI DSS puts a framework in place that encourages regular review and process improvement.
SAFEGUARD COMMERCIALLY SENSITIVE DATA
Cyber criminals target companies with high value data. Prepare your company against cyber attacks.
Our service
We offer PCI DSS services for level 1, 2, 3 and 4 merchants and service providers. Our service consists of:
· Guidance throughout PCI project
· Remote validation project
· Remediation assistance
· Policy and Procedure assistance
· Self-assessment Questionnaire assistance and ROC report writing
PCI DSS requires merchants and service providers to perform regular scanning. Apart from requirement 11.2.2, all scans can be executed by a PCI QSA. For requirement 11.2.2, Fortytwo is licensed to use Qualysguard as an external Approved Scanning Vendor (ASV).
Why work with Fortytwo?
Engaging Fortytwo for PCI DSS compliance gives you access to calibrated expert advice that ensures you neither over- nor under-invest in your PCI compliance efforts, because our advice is reviewed by multiple Qualified Security Assessors (QSAs) with different areas of expertise. Work with Fortytwo and you’ll benefit from:
CERTIFIED QSA COMPANY
We annually perform audits for several large businesses. Our QSAs are highly experienced working with PCI DSS and performing audits in a cost-effective manner.
CLEAR COMMUNICATION
We strongly believe in providing easy-to-understand guidance and reporting. The PCI DSS rules may seem simple and straightforward, but on closer inspection they are often regarded as complex and open to discussion. In practice, the PCI DSS has detailed auditor guidelines that help merchants and service providers check whether they are compliant with the individual requirements. Our PCI DSS QSAs explain these auditor guidelines and provide guidance on how to implement them.
PROVEN GLOBAL EXPERTISE
We have extensive experience working with small and large companies worldwide. We have the expertise to help companies become compliant, from both a technical and an organisational viewpoint.
TRUSTED ADVISOR
We see ourselves as your trusted advisor and a critical part of your in-house team. Since we have the resources to complement your every security need, we are able to keep your efforts focused while providing you with as much or as little consultative expertise as you need.
LEADERSHIP TEAM
Our PCI experts have extensive knowledge and up-to-date expertise. PCI security standards are constantly evolving, but our QSA security specialists can audit your IT environments to the latest requirements.
KNOWLEDGE BASE ACCESS
Our online knowledge base gives you access to templates and example documents, and provides useful tools and tips on PCI compliance. It is kept continuously up to date with current developments and customer feedback.
HIGHLY SATISFIED CUSTOMERS
We provide value to our clients on a consistent, ongoing basis and we are proud of our long-term client relationships.
EXPERIENCE
We have long-held and deep experience in cyber security transformation across financial services, retail, travel industry, media and other sectors.
How we work
Our PCI DSS assessment comprises the following five phases:
Information gathering
During this phase the scope and reach of the project are determined. Together with all stakeholders we review PCI DSS and the steps needed to become compliant. An inventory is made of documents such as your policies and procedures, application information, installation manuals, test reports and source-code reviews. We will perform a firewall audit and a network design audit to confirm that the scope is correct.
Preparation
The preparation phase consists of a review of the remediation actions, a walkthrough of the Self-Assessment Questionnaire (SAQ) and a vulnerability scan. We will request copies of your planned actions to help create a remediation plan.
Gap Analysis
During this phase we identify the possible problem areas of PCI DSS and create a roadmap to compliance. We will request relevant documentation of your systems, technical details of your network configuration and documents that describe your business processes.
Remediation
In the remediation phase, all remedial actions are defined, penetration testing is done and evidence for compliance readiness is collected. We provide a detailed report of issues stating your compliance status and any remediation needs. Together we will fix areas of non-compliance and perform the retesting process.
Onsite Audit
The onsite PCI DSS audit is where we meet your team and sample systems in order to gather accurate information to satisfy PCI DSS compliance. The evidence and the full SAQ are checked. If a Report on Compliance (ROC) is needed, the full audit is performed. During this phase, the Attestation of Compliance (AOC) is generated.