PCI SERVICES

Be secure, be PCI compliant

A trusted partner for all your PCI compliance requirements. Approved by the PCI Security Standards Council, our PCI services include strategy, programme management, gap analysis, training and awareness.

Our Global
Client Portfolio

PCI Services

PCI DSS Assessments

We are a Qualified Security Assessor (QSA), approved by the PCI Security Standards Council to validate organisations’ adherence to the Payment Card Industry Data Security Standard (PCI DSS).
The PCI DSS is a set of information security requirements designed to reduce payment card fraud, with mandatory compliance for any organisation that accepts, processes, stores or transmits cardholder data.
PCI DSS includes over 300 requirements to design, implement and manage across your cardholder data environment. We will help you navigate the challenges of PCI DSS compliance, reducing your costs and the impact on your business, and keeping your company’s and customers’ information safe from abuse.

PCI SERVICES

PCI DSS Assessments

We are a Qualified Security Assessor (QSA), approved by the PCI Security Standards Council to validate organisations’ adherence to the Payment Card Industry Data Security Standard (PCI DSS).
The PCI DSS is a set of information security requirements designed to reduce payment card fraud, with mandatory compliance for any organisation that accepts, processes, stores or transmits cardholder data.
PCI DSS includes over 300 requirements to design, implement and manage across your cardholder data environment. We will help you navigate the challenges of PCI DSS compliance, reducing your costs and the impact on your business, and keeping your company’s and customers’ information safe from abuse.

PCI DSS Services

  • Introductory awareness sessions
  • PCI DSS programme management and strategy definition
  • Scoping definition
  • Gap analysis
  • PCI DSS network design review
  • Internal and external (ASV)
  • Penetration testing
  • Remediation support
  • PCI DSS solutions options analysis
  • Report on Compliance (ROC) assessment
  • SAQ support and validation
  • End-user training and awareness (incident response training and securing the SDLC training)
  • Training and policy development

PCI SERVICES

PCI Card Production Audits
& Consultancy

We are an approved PCI Card Production Security Assessor, certified by the PCI Security Standards Council to validate entities’ adherence to the PCI Card Production Logical Security and/or Physical Security Standards. Our expertise covers all areas of card production including personalisation, manufacturing, PIN distribution, EMV and key management, and mobile provisioning.
Tailored to your company’s needs, our consultancy includes assisting card vendors in building up their facilities, introducing new service lines or while undergoing changes. We provide advice and practical assistance, such as reviewing construction plans, the correct implementation of access control systems, intrusion detection system and CCTV cameras, designing the network architecture, and developing the ISMS policy suite.
Auditing Services

PCI SERVICES

PCI Card Production Audits
& Consultancy

We are an approved PCI Card Production Security Assessor, certified by the PCI Security Standards Council to validate entities’ adherence to the PCI Card Production Logical Security and/or Physical Security Standards. Our expertise covers all areas of card production including personalisation, manufacturing, PIN distribution, EMV and key management, and mobile provisioning.
Tailored to your company’s needs, our consultancy includes assisting card vendors in building up their facilities, introducing new service lines or while undergoing changes. We provide advice and practical assistance, such as reviewing construction plans, the correct implementation of access control systems, intrusion detection system and CCTV cameras, designing the network architecture, and developing the ISMS policy suite.
  • HR security, pre-employment and ongoing screening
  • Visitor handling processes
  • Production process and audit trail
  • Key management
  • Guard responsibilities
  • Security policies and procedures
  • Business continuity and disaster recovery planning
Auditing Services

PCI Services

PCI PIN Security Audits

We are a Qualified PIN Assessor (QPA), approved by the PCI Security Standards Council. PCI PIN Security Requirements form a part of the PCI PTS group of standards and apply to all acquirers and their agents processing personal identification numbers (PINs) for payment card transactions. The standard also applies to entities operating key-injection facilities used for the acquisition of PIN data.
We offer audit and consultancy services to PIN Programme participants across all aspects of secure management, processing and transmission of PIN data during online and offline payment transactions, processing at ATMs, and attended and unattended POS terminals.

PCI Services

PCI PIN Security Audits

We are a Qualified PIN Assessor (QPA), approved by the PCI Security Standards Council. PCI PIN Security Requirements form a part of the PCI PTS group of standards and apply to all acquirers and their agents processing personal identification numbers (PINs) for payment card transactions. The standard also applies to entities operating key-injection facilities used for the acquisition of PIN data.
We offer audit and consultancy services to PIN Programme participants across all aspects of secure management, processing and transmission of PIN data during online and offline payment transactions, processing at ATMs, and attended and unattended POS terminals.

PCI Services

  • PCI PIN Security assessments (covering the standard technical set, Normative Annex A and Normative Annex B) version 2.0, as required by Visa of its direct connect processing members and their Third Party Agents (TPAs)
  • TR-39 audit of ATM operations in banks and credit unions, as required by Star, NYCE and Pulse EFT networks of all their members
  • TR-39 audit of PIN debit POS transactions for Merchants, as required by Star, NYCE and Pulse EFT networks
    Subsections of TR-39 audit that apply to ISO, ESO and KLD facilities, as required by the members of EFT networks

Partners And Accreditation