PCI Assessment Services - More than a check in the box

No one has to tell you how important Payment Card Industry Data Security Standard (PCI DSS) compliance is to your business. The PCI DSS is a well-established and comprehensive set of controls, and if you can demonstrate compliance, it means that you have protected your organization against the most common risks associated with handling credit card information. A recent Gartner Research survey of IT leaders and major merchants confirmed that PCI programs do indeed help business leaders improve security and implement controls that protect both customers and enterprises.

Accuracy in the Face of Complexity

The PCI DSS, and any PCI assessment, is by its very nature comprehensive. Unless you are a trained assessor, you probably don’t have the time and energy to understand each of the 280 recommended controls, yet you are still responsible for all of them. Time and time again, our clients tell us that a PCI assessment should be more than a ‘check in the box’. They want to know that they have done the right things, but they don’t always have the time and training to do a proper analysis. What's more, they don’t want to be sold a bill of goods for solutions they may not need. Smart leaders seek out accurate information about their compliance status and unbiased, independent and cost-effective compliance solutions. Quite simply, they want a PCI assessment partner that they can trust.

What’s your level for a PCI assessment?

If you store, process or transmit credit card data in any way, you are responsible for complying with the PCI DSS. How you validate, or ‘prove’, that you're compliant is a function of your level. If you are a merchant, your bank/processor(s) will designate you as one of four merchant levels based on your annual transaction volume. If you are a service provider, you need to know the number of transactions you process annually, then determine your level based on the guidelines published by Visa and MasterCard.

How do you validate compliance?

To validate compliance, a merchant or service provider needs to have clean external vulnerability scan reports and one of two assessment documents:

  1. A Self Assessment Questionnaire (SAQ)
  2. A Report on Compliance (ROC)

A SAQ is just that – a document that a merchant or service provider completes and signs themselves. A ROC is completed and signed by a Qualified Security Assessor (QSA).

Where are you on your PCI journey?

Coalfire has served thousands of customers, from the most sophisticated firms to newcomers to PCI. Regardless of where you are, we have solutions that will help you navigate PCI. Where do you want to start?

Your Need                                                  | Coalfire Service
-----------------------------------------------------------|---------------------------
Run quarterly scans                                        | Rapid SAQ
Measure against the PCI standard prior to assessment       | Gap Analysis
Get help with completing an accurate PCI self-assessment   | Facilitated Self Assessment
Get a PCI assessment by a QSA                              | Report on Compliance

How can we help with your PCI Compliance needs?

Please provide a brief description of how we can help along with your contact information. We will respond within 24 business hours.
