Payment Card Industry (PCI)
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements that merchants and service providers need to comply with if they handle credit card data or can affect the security of credit card data.
Whether your organization is new to Payment Card Industry (PCI) compliance and needs some help getting started, or you’ve been doing it for a few years and are ready to start your transition to complying with PCI DSS version 4.0, Richter can help fulfil your PCI needs.
PCI Readiness Assessment
If your organization is new to PCI compliance, Richter can identify and document the scope of your cardholder data environment: what payment processes are used, where payment card data is stored in your network, what systems come into contact with payment card data, what systems help to secure the data, and who is responsible for all of these aspects.
Once we have a good understanding of your PCI scope, annual credit card transaction volume and payment channels, our team of Qualified Security Assessors (QSAs) will conduct a readiness assessment to identify any gaps that would prevent you from being PCI compliant. Since even one non-compliant requirement would result in a non-compliant assessment, it’s important to get everything right before jumping into the PCI validation.
PCI Advisory Services
If you have questions or PCI problems to solve, such as understanding the PCI implications of a new project or business initiative, or whether policies or procedures that you are developing will satisfy PCI DSS, Richter’s experienced team of QSAs can provide assistance.
PCI Validation – Self-Assessment Questionnaire (SAQ)
Once your organization is ready for the annual PCI validation, we can assist you in selecting the appropriate SAQ, which is determined based on how your organization accepts and processes credit card payments. We will then help you assess your cardholder data environment against the applicable SAQ. Our team of QSAs can perform the assessment activities on your behalf, or, if you are comfortable doing this yourself, we can review your assessment work and sign off as the assisting QSA Company.
We will also prepare the Attestation of Compliance, to be signed by an officer of your company, as well as Richter, attesting to the results of the self-assessment.
PCI Validation – Report on Compliance (ROC)
For merchants with a large volume of annual credit card transactions, that is, greater than 6 million per year, or service providers assisting with greater than 300,000 annual transactions, an onsite assessment by a QSA is required. This is a more thorough assessment than the SAQ assessment, and it results in a Report on Compliance. Our team of experienced Qualified Security Assessors will plan the assessment activities, verify the scope of the cardholder data environment, perform the validation, and issue the Report on Compliance.
We will also prepare the Attestation of Compliance, to be signed by an officer of your company, as well as Richter, attesting to the results of the onsite assessment.