PCI-DSS
PCI Planning, Readiness & Compliance
Any Organization that collects or processes payment card information must comply with the Payment Card Industry Data Security Standard (PCI DSS). Although compliance has improved in recent years there are still a large number of organizations who are not compliant. In addition to significant fines, companies can be barred from processing credit card transactions and may pay higher processing fees. In the event of a serious security breach, fines of up to $500,000 can be levied for each instance of non-compliance – not to mention damage to your reputation and probable loss of customers. Regents & Park is a PCI DSS Readiness Security Standards provider for the following programs:
- Preparer for Qualified Security Assessors (QSA)
- Post Breach Forensic Audit coordinator
- Approved Scanning Vendors (ASV)
Regents & Park PCI Planning, Readiness and Compliance professionals will work with you to plan and prepare for certification as well as help you remediate issues found in early assessments. We will help you manage your risk by understanding what private data is collected and where it is stored, train employees about company policy for handling private data, integrate a crisis–management process, and implement a privacy risk management process or office. We will offer options for compensating controls and limiting scope as well as provide recommendations to mitigate common pitfalls. Finally, we can perform certification with a Report on Compliance (ROC). We can also provide:
- Annual onsite audits
- Quarterly vulnerability scans
- Annual penetration testing
- Remediation
The following are the 4 levels of PCI compliance: Level 1: Merchants processing over 6 million card transactions per year. Level 2: Merchants processing 1 to 6 million transactions per year. Level 3: Merchants handling 20,000 to 1 million transactions per year.
Important Note:
Don’t forget that while being a Level 1 can result in some arduous times working with a QSA to reach the ultimate goal of full compliance, must merchants are far below the 6 million transaction level. However due to the complexity of the Point of Sale you are using you still need to complete a SAQ-D and comply with over 300 IT Security controls. This means that even a small merchant may have a complex problem to solve. Regents & Park is here to help you take care of security and continue to stay in business.
A PCI Self-Assessment Questionnaire (PCI SAQ) is a merchant’s statement of PCI compliance. It’s a way to show that you’re taking the security measures needed to keep cardholder data secure at your business. Each SAQ includes a list of security standards that businesses must review and follow. PCI SAQs vary in length.
