The PCI (Payment Card Industry) DSS (Data Security Standard) describes 12 requirements that apply to all entities (including on-line merchants, payment processors and service providers) involved in payment card processing. These requirements must be met by every entity seeking DSS compliance, all of which must secure cardholder data (for example, credit card numbers) and/or sensitive authentication data (for example, CVVs).
DotSec is a PCI QSA (Qualified Security Assessor) company. This means that DotSec has been certified by the PCI Security Standards Council as qualified to assist organisations in achieving PCI DSS compliance. The kinds of assistance that DotSec can provide include:
- Assess compliance with the PCI DSS. DotSec can assess the level to which the organisation complies with the 12 PCI DSS requirements. The DSS includes a range of policy, procedural, personnel, physical and technical requirements, and the assessor must gather evidence to show either that the requirements have been met, or that compensating controls are in place.
- Provide advice as to how to become compliant with the PCI DSS. DotSec can provide advice and/or direction regarding the steps that an organisation must take in order to become compliant with the PCI DSS. As described on our general Assessment and Testing pages, all our reports include a detailed risk-mitigation section that describes how the client’s risk profile may be reduced to an acceptable level.
DotSec has provided PCI DSS services for clients in the payments-processing and on-line retail sectors, and our assessors have at least 13 years of information security experience (including, but not limited to, assessment and testing). Perhaps most importantly, our assessors have an excellent reputation (backed by references) as supportive and collaborative professionals who assist (not hinder) our clients’ journey towards PCI DSS compliance.