What is PCI DSS compliance?
Our PCI DSS compliance service helps your business to comply with PCI requirements and ensure accurate PCI validation. The PCI DSS (Payment Card Industry Data Security Standard) is a set of comprehensive requirements for enhancing payment account data security. This standard is used globally and was developed by the major card brands (Mastercard, VISA, American Express, Diners and JCB) to help facilitate the broad adoption of consistent data security measures in order to prevent fraud and theft of payment card data.
PCI DSS consists of a large number of technical and organisational security measures, all aimed at providing the highest level of security for the processing and storage of credit card information. So, if your business accepts, stores, or transmits card data, or outsources these functions, PCI DSS compliance validation is required by the card brands and in turn, your acquiring bank.
Why become PCI compliant?
Despite being a mandatory requirement, there are some very good reasons for being PCI compliant. These are:
MAINTAIN TRUST AND REPUTATION
PCI DSS is among the strongest certifications on information security. Ensure that your organisation safeguards its reputation and trust.
The PCI DSS SSC seeks to create an equal level playing field among its entities and merchants. Be part of the growing group of entities that ensures cardholder data security.
Being compliant may provide a safety net against hefty fines and rigorous requirements if your organisation is breached.
Legislation such as the General Data Protection Regulation (GDPR) require accountability on personal data. PCI DSS is one of the paths that can be chosen towards compliance.
The PCI DSS puts a framework in place that encourages regular review and process improvements.
SAFEGUARD SENSITIVE DATA
Cyber criminals target companies with high value data. Prepare your company against cyber attacks.
How we support you
As QSA, Fortytwo Security is qualified to conduct (pre-)audits and to provide consulting to companies that are looking to achieve, maintain or prove PCI compliance. Our consultants will help you to identify gaps in processes, review and suggest practical remediation solutions and provide additional resources if you have limited resources or skills to do the work in house.
We offer a full range of PCI DSS services, including penetration testing, vulnerability scanning (ASV) and QSA audit support. Our service consist of:
· Guidance throughout PCI project
· Remote validation project
· Remediation assistance
· Policy and Procedure assistance
· Self Assessment Questionnaire (SAQ) assistance and ROC report writing
PCI DSS requires merchants and service providers to perform regular scanning. With the exception of ASV vulnerability scanning, the penetration tests (internal and external) and the internal vulnerability analysis can be performed by a qualified internal resource or one of our security experts. For external scanning of ASV vulnerabilities an approved scan provider certified by PCI SSC (PCI Security Standard Counsil) is required. Fortytwo is certified to use Qualys as an approved scan provider.
Why work with Fortytwo?
Engaging Fortytwo for PCI DSS compliance gives you access to calibrated expert advice that ensures that you neither over, nor under-invest in your PCI compliance efforts as advice is run by multiple Qualified Security Assessors (QSAs) with different areas of expertise. Work with Fortytwo and you’ll benefit from:
CERTIFIED QSA COMPANY
We annually perform audits for several large businesses. Our QSAs are highly experienced working with PCI DSS and performing audits in a cost-effective manner.
We strongly believe in providing easy to understand guidance and reporting. The PCI DSS rules may seem simple and straightforward, but on second sight, they are often regarded as complex and open for discussion. Our PCI DSS QSAs assist in explaining these auditor guidelines and provide guidance on how to implement them.
We see ourselves as your trusted advisor and a critical part of your in-house team. Since we have the necessary resources to complement your every security need, we are able to keep your efforts focused while providing you with as much as little consultative expertise as you need.
We have long-held and deep experience in cyber security transformation across financial services, retail, travel industry, media and other sectors.
Our PCI experts have extensive knowledge and up-to-date expertise. PCI security standards are constantly evolving, but our QSA security specialists can audit your IT environments to the latest requirements.
KNOWLEDGE BASE ACCESS
Our online database gives access to templates and example documents, provides useful tools and tips on PCI compliance. Our security knowledge base is continuously up-to-date, provided with the current development and based on customer feedback.
HIGHLY SATISFIED CUSTOMERS
We provide value to our clients on a consistent, ongoing basis and we are proud of our long-term client relationships.
We have extensive experience working with small and big companies worldwide. We have all the expertise to help companies become compliant, both from a technical as from an organisational viewpoint.
How we work
Our PCI DSS compliance service is a detailed look at your organisation from the Payment Card Industry perspective.
Our PCI DSS assessment comprises a cycle involving four distinct phases that lead to PCI DSS compliance.
Here are the following 4-phases:
During this phase the scope and reach of the project is determined. Together with all stakeholders we review PCI DSS and the steps needed to become compliant. An inventory is made of documents such as your policies and procedures, application information, installation manuals, test reports and source-code reviews. The scoping phase is executed using the OpenScoping toolkit, which defines an objective framework of setting the scope.
Gap Analysis / Pre-audit
During this phase we identify the possible problem areas of PCI DSS and create a roadmap to compliance. We will request a relevant documentation of your systems, technical details of your network configuration and relevant documents that describe your business processes.
In the remediation phase, all remedial actions are defined, penetration testing is done and evidence for compliance readiness is collected. We provide a detailed report of issues stating your compliance status and any remediation needs. Together we will fix areas of non-compliance and perform the retesting process.
The onsite PCI DSS Audit is where we meet your team and sample systems in order to gather accurate information to satisfy PCI DSS compliance. The evidence and the full SAQ is checked. If a Report on Compliance (RoC) is needed, the full audit will be performed. During this phase, the Attestation of Compliance (AOC) is generated.
Our clients say
“Fortytwo engineers are flexible and very knowledgeable. They understand that one size does not fit all. I recommend their personalised service to any company!”
“I was left with very detailed information to back up all the findings and recommendations so I could easily create a plan for remediation.”
“Everyone I worked with left me with the feeling that they were here to teach me and help me improve my security program. In such a relaxed manner, that I felt like we were just buds having a conversation about security.”