PCI DSS (Payment Card Industry Data Security Standard) is a mandatory requirement for all organisations that process credit or debit card payments, develop products for payment card transactions and/or store payment card details. The standard defines the minimum requirements for the information security protection of payment card data, the compliance requirements that companies must meet and the manner in which that compliance will be assured. These requirements are backed up by a series of punitive sanctions for non-compliance, as many international brands are finding out to their cost – TJX recently settled with Visa to the tune of $40.9 million!

The core requirements of the PCI DSS are as follows:

  • build and maintain a secure network
  • protect cardholder data
  • maintain a vulnerability management program
  • implement strong access control measures
  • regularly monitor and test networks
  • develop and maintain an information security policy

Achieving PCI DSS compliance can be a complex and resource-intensive process, requiring a considerable amount of information security expertise and project management skill. Buy-in is needed from all key areas of the business; an IT-driven PCI DSS compliance programme inevitably struggles to effect compliance across an organisation once it is perceived to be “another IT project.” Eporedia brings years of experience to bear in this regard, not only information security and project management expertise, but also the business-level experience needed to achieve appropriate buy-in from the organisation. Our key services for assisting companies to achieve PCI DSS compliance include:

  • Scoping
  • Gap Analysis
  • 6 Steps Approach
  • Remedial Planning
  • Application & Network Testing
  • PCI DSS Audit & Certification
  • Continued Compliance