Compliance with PCI DSS, the global Payment Card Industry Data Security Standard, is imperative if you are to minimise the risk of a data breach, avoid financial penalties – which are rising sharply – and ultimately continue to process card payments.
As a PCI Qualified Security Assessor (QSA) our primary role is to audit and validate e-commerce merchants’ compliance. We are also ideally placed to advise you on the likely overall cost and the steps you can take to minimise the time and resources associated with compliance.
PCI DSS: 5 common mistakes to avoid
The message is clear: if you take card payments, PCI DSS applies to you. So why do some merchants remain non-compliant and risk hefty fines, reputational damage and potentially losing their ability to accept card payments? The following article highlights five common mistakes that we at Dionach regularly see in the course of our work as a PCI Qualified Security Assessor (QSA) and Forensic Investigator (PFI).
We provide the full breadth of QSA services, from auditing and producing a Report on Compliance (RoC) to assisting with Self-Assessment Questionnaires (SAQs) and consultancy, to ensure the transmission, storage and processing of your cardholder data is fully secure and compliant with PCI DSS.
Many merchants and service providers have benefited from our expert guidance on practical ways to reduce the cost and complexity of their compliance requirements.
Dionach’s auditors can help to accurately scope your environment, defining which systems are in-scope for PCI DSS.
This is vital to ensure that the correct security controls are applied to each relevant system to achieve compliance – and not to those that are out-of-scope and would unnecessarily increase costs.
We work with you to understand and map your card payment data touchpoints – both technical and human – using detailed diagrams that allow us to confidently and accurately define the correct scope for your PCI DSS assessment.
One of the roles of our auditing team is to conduct on-site reviews in order to validate your Self-Assessment Questionnaire (SAQ). Compared to the option of simply self-assessing without the sign-off of a QSA, this provides you with added peace of mind that you are compliant and taking best practice steps to mitigate the risk of a data breach.
Following an on-site assessment, we produce a comprehensive Report on Compliance (RoC) that assesses your cyber security resilience and adherence to the necessary PCI DSS requirements.
We are responsible for issuing your Attestation of Compliance (AOC) to demonstrate compliance to your acquirer, payment brands, customers, and relevant stakeholders.