PCI DSS

Connect with us

Coalfire helps organizations address challenges associated with complying with the Payment Card Industry Data Security Standard (PCI DSS), from scoping uncertainty and gap analysis to assessments, technology validation, and program strategy. Our guidance enables you to better align your compliance investments with broader business and security objectives.

Overview

PCI DSS compliance is required for any organization that stores, processes, or transmits cardholder data. For some businesses, compliance is considered an obligation. For others, it’s fundamental to broader business objectives. To address your individual needs, we offer a portfolio of PCI DSS compliance services, including PCI DSS 4.0, PCI SSF, PCI P2PE 3.1, PCI in the cloud, and continuous compliance.
.

Assessment

Level 1 assessment – Apply our efficient, systematic PASS methodology to deliver a full report on compliance (ROC), while minimizing disruption and setting you up for long-term compliance success.
Facilitated self-asessment - Quickly, easily, and safely complete a Self-Assessment Questionnaire (SAQ) with guidance from a Coalfire QSA. Designed for Level 2, 3, and 4 merchants and Level 2 service providers.
Vulnerability scanning – Address scanning and reporting requirements and help you identify and remediate vulnerabilities as an Approved Scanning Vendor.
Penetration testing – Simplify compliance with PCI DSS requirement 11.

Advisory

Scope Definition and Strategy advisory – Define and develop a scope to minimize delays and cost overruns, eliminate blind spots in your environment and processes, and help establish a more proficient compliance program.
PCI DSS 4.0 and Cloud Workshops – Learn about new technologies and PCI framework developments with guidance and recommendations from Coalfire.
PCI Risk Analyses – Better manage risk and receive Targeted Risk Analyses (under 4.0) from Coalfire.
Readiness, remediation, and program support – Move activities from 'in progress' to 'complete' with targeted guidance and ongoing engagement for your key outcomes.

Compliance Essentials by Coalfire combines our industry-leading compliance expertise with the latest SaaS and automation technology to provide you with a revolutionary way to manage compliance activities and audits across more than 40 unique frameworks.

Compliance Essentials was developed in partnership with our in-house auditors. It is included with our assessment services and represents an incredible value that can lower your internal compliance costs up to 40%.

Learn more

Leveraging emerging payments technologies

Maintaining payment security is required for all organizations that store, process, or transmit cardholder data. The PCI security standards provide guidance and technical and operational requirements for maintaining payment security. While complying with PCI security standards is mandatory for these entities, simply remaining compliant is not a guarantee of security.

Our services go beyond compliance to help address new threats introduced by emerging technologies such as tokenization, point-to-point encryption (P2PE), 3DS, mobile payments, EMV, and cloud, which often outpace compliance mandates. As a leader in technology-led cyber risk management, Coalfire helps organizations meet compliance mandates while building a pragmatic approach to mitigating cyber risk.

We have expert teams in all areas of PCI assessments applicable to merchants, banks, processors, hardware and software developers, and point-of-sale vendors. Coalfire has the breadth of technical capability within each area and can help organizations validate every aspect of the payment ecosystem.

3DS Assessor
Approved Scanning Vendor
Payment Application Assessor
Point-to-Point Encryption Assessor

Qualified PIN Assessor
Qualified Security Assessor
Software Security Framework Assessor

Why choose Coalfire?

PCI assessment

Leverage expertise drawn from thousands of assessments, hundreds of application validations, and leadership in the acceptance of innovative technologies such as virtualization and cloud services.
Gain knowledge from respected industry leaders. Coalfire is an inaugural member of the PCI Global Executive Assessor Roundtable, and we work closely with the PCI Security Standards Council and the card brands to develop and support improvements to industry standards.
Access deep insights across our payments practice, which is comprised of more than 100 QSAs, all PCI specialist designations, and a team of PFIs.
Coordinate assessments across more than 20 different compliance frameworks, eliminate duplicate activities, and maintain a state of continuous compliance with Compliance Essentials.

PCI advisory

Solve new PCI challenges arising from the growth and evolution of your business and underlying technologies.
Gain a better understanding of your organization’s compliance responsibility and how to effectively achieve it.
Learn from the industry leader in emerging technology expertise – Coalfire serves the top IaaS and Cloud Service Providers.
Get support for all phases of your compliance lifecycle, from consultation and strategy for solution design to remediation, operational readiness, and compliance program execution.

Featured resources

Preparing for PCI 4.0 – big changes you need to know now

white paper

PCI-DSS 4.0 readiness workshop

data sheet

Top 5 global bank reduces total cost of PCI compliance by migrating to the cloud

Client Story

PCI in the cloud

data sheet

No results.

PCI services from Coalfire

PCI DSS report on compliance

Deliver real security outcomes to improve corporate risk management with an efficient Coalfire PCI DSS report on compliance.

Learn more

PCI in the cloud services

Simplify and optimize PCI compliance in the cloud. No one knows the cloud better than Coalfire, the compliance assessor for world’s largest cloud providers.

Learn more

Point-to-point encryption services

Our P2PE services let you navigate the challenges of P2PE validation and non-encrypted solution assessments, while keeping your organization compliant.

Learn more

PA-DSS/SSF compliance

Expertise on standards for developers and software vendors to create secure payment products and solutions.

Learn more

PCI Forensic Investigator (PFI)

Expert investigations using proven methodologies and tools to help determine the occurrence of a cardholder data compromise.

Learn more

Frequently asked questions

What is the Payment Card Industry?

The Payment Card Industry (PCI) is a self-regulatory program that was established by the major credit card brands to provide standards for credit card security, assess industry participants to that standard, and monitor compliance. There are multiple programs that address specific areas of payment security – all are administered by the PCI Security Standards Council (SSC).

Is PCI applicable to my business?

If your business stores, processes, or transmits cardholder data, then you are expected to be PCI compliant. Merchants who take credit card payments should work with their acquiring banks to establish the required assessment expectations. Service providers need to be aware of their customer’s expectations for PCI compliance support.

Is PCI compliance challenging?

There are two unique aspects of PCI compliance, as compared with more common frameworks. First, scope is driven by cardholder data, which can be tokenized. Reducing scope is the number one goal, as it limits risk and total cost. Second, some newer technologies have been more challenging to understand in a PCI context, including cloud computing. Coalfire pioneered, and is the industry leader in, applying cloud to PCI as a result of our work with leading cloud service providers.

What are some recent developments in the PCI world?

A new version of the PCI Data Security Standard (DSS) was released in March 2022. Version 4.0 is a modernization of the standard that was first conceived over 20 years ago. There are new options for risk management and enhanced expectations for all assessed entities that include governance and vulnerability management.

How can Coalfire help with PCI compliance?

Coalfire offers comprehensive services for support throughout the PCI lifecycle. Our portfolio of solutions includes: advisory support in product or service development, compliance program support, DSS 4.0 preparation, scope definition advisory, and assessments. The latter can be supported with a self-assessment or a full Report on Compliance (ROC).

Contact us to improve your cybersecurity posture