
PCI DSS Compliance

The Payment Card Industry Data Security Standard

Demonstrate your ability to process payment card data safely and securely with SRM.

If you are a merchant accepting card transactions, the responsibility for processing payments safely and securely lies with you. If card data isn’t protected or fraudulent activity occurs, the penalties for mistakes and mishandling can be significant.

With over 10 years’ experience in PCI DSS compliance, you can trust the expert team at SRM to help you implement the critical steps and achieve compliance in the fastest and most cost-effective way possible.

Want to make PCI DSS compliance plain sailing? Call us today for a free quote on 03450 21 21 51 or email info@srm.solutions.com.

Who needs this service?

The Payment Card Industry Data Security Standard (PCI DSS) applies to virtually every organisation which accepts, transmits, processes or stores any cardholder data, regardless of size or the number of transactions, whether electronically (using a terminal, through a service provider or via an ecommerce website) or manually using paper methods.

Compliance requirements can, however, vary, and it is the responsibility of every organisation to establish how it should comply with PCI DSS. An organisation’s acquiring bank will usually be able to advise on the need for compliance. Establishing the exact PCI DSS requirements can be a complex business, and professional advice should be obtained.

Why use SRM for PCI Compliance?

SRM’s PCI DSS compliance team includes leading Qualified Security Assessors (QSAs) who use their wealth of experience to help companies understand not only how to comply but how to reduce costs, by ensuring that the scope needed to achieve compliance each year is kept as simple as possible. Our team can guide organisations at any level through PCI DSS compliance, from SMEs right through to full QSA-managed PCI assessments for FTSE 100 companies.

What are the challenges?

The process of PCI DSS compliance involves an annual check against twelve requirements to ensure that the important security steps which safeguard customers’ data are in place. PCI DSS is constantly being updated, and beneath the twelve outline requirements sit many additional sub-requirements, making the process complex, particularly for larger organisations.

Because PCI DSS compliance involves an annual check, it is important to note that it only demonstrates that an organisation was compliant on a certain date, a bit like a car MOT. To ensure ongoing compliance, the process needs to be managed continually throughout the year. If a breach occurs at any time, your current compliance status will be taken into account by the PCI when determining the level of fine imposed.

What are the penalties for non-compliance?

Organisations that should comply but do not, and cannot demonstrate that they are working towards compliance, may be liable for non-compliance fines at the discretion of the PCI. Ultimately an acquiring bank can terminate the relationship, which will prevent the organisation from accepting any payments by card.

Associated services

Cyber Essentials Certification

The SRM team is experienced in all aspects of Cyber Essentials certification. We can do as much or as little as is required.

GDPR Consultants

Our team provides a business-focused service to organisations of all types and sizes, at all points on the GDPR-readiness spectrum.

ISO 27001 Consultants

SRM guides you through the entire ISO 27001 certification process, helping you to continually review and refine the way you handle information security, not just for the present but for the future.

Virtual CISO™ and Virtual ISM™

At SRM we have developed VirtualCISO™ and VirtualISM™, fully bespoke services that provide as much or as little support as required, depending on the individual organisation.
