PCI DSS Compliance Audit

Card payments are ubiquitous, which means card data is under constant threat of theft by opportunistic attackers. When a large-scale breach does happen, cardholders are quick to blame their financial institution, and the resulting financial and reputational damage is often irreparable.

To curb card fraud and preserve trust between merchants and the hundreds of millions of cardholders around the world, American Express, Discover, JCB International, MasterCard, and Visa Inc. founded the Payment Card Industry Security Standards Council (PCI SSC) in 2006. The Council maintains the PCI Data Security Standard (PCI DSS), which defines the security policies, technologies, and processes that organizations handling card data must adhere to.

Your company must comply with PCI DSS if:

You store, process, or transmit cardholder data

Your business processes could affect the security of cardholder data

What is the Data Security Standard

PCI DSS comprises 12 requirements grouped under 6 goals. Each requirement is broken down into detailed sub-requirements and testing procedures that an assessor verifies.

Goals and PCI DSS requirements

Build and maintain a secure network and systems

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect cardholder data

  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks

Maintain a vulnerability management program

  5. Protect all systems against malware and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications

Implement strong access control measures

  7. Restrict access to cardholder data by business need to know
  8. Identify and authenticate access to system components
  9. Restrict physical access to cardholder data

Regularly monitor and test networks

  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Maintain an information security policy

  12. Maintain a policy that addresses information security for all personnel

PCI DSS assessments

QSA
External assessment

Conducted on site by a Qualified Security Assessor company certified by PCI SSC.

ISA
Internal assessment

Conducted by an Internal Security Assessor, an employee of the audited company who has been trained and certified by PCI SSC.

SAQ
Self-evaluation

The audited company fills out a self-assessment questionnaire; no external assessor is involved.

QSA certification audit by Group-IB

Merchants with over one million transactions a year and service providers with over 300,000 transactions a year are expected to undergo an on-site assessment by a QSA every year. The exact thresholds and the resulting compliance level are set by each card brand and confirmed by your acquirer, so check which level applies to you before planning the assessment.

Group-IB is a Qualified Security Assessor company certified by PCI SSC to perform on-site PCI DSS assessments in Central Europe, the Middle East, and Africa.

Before the QSA assessment we can also conduct a preliminary gap audit, recommend how to eliminate the deficiencies found, and help develop the required documentation.

Audit process by Group-IB

1. Pre-assessment
  • Collecting the initial data needed to define the PCI DSS scope
  • Analyzing the company's technical documentation
  • Clarifying audit parameters and creating the audit plan
2. On-site audit
  • Conducting the necessary interviews
  • Collecting audit evidence
3. Reporting
  • Producing the Report on Compliance and the Attestation of Compliance
  • Issuing the PCI DSS compliance certificate

What you get

Report on Compliance

Attestation of Compliance

PCI DSS compliance certificate

The Report on Compliance and the Attestation of Compliance are the documents that acquirers and card brands accept as proof of compliance; the certificate is issued by the assessor as a summary of the result.

Why choose Group-IB’s Compliance Audit and Consulting

First-rate team of certified experts

A team of qualified experts with 10+ years of experience auditing a wide range of infrastructures, holding certifications such as GDPR DPP, CISSP, CISA, PCI QSA, and ISO lead auditor, among others

Technological and human intelligence

The close collaboration between Group-IB's experts and its proprietary Threat Intelligence & Attribution system ensures up-to-date knowledge of attacker TTPs

Comprehensive approach

We not only check for compliance but also draft internal documentation and recommendations, perform risk assessments, and provide consulting

No nonsense reporting

We provide thorough, easy-to-read reports that clearly outline gaps in compliance as well as corresponding remediation measures

Contact us for a consultation on compliance assessment against international standards and best practices.
