SRM Solutions
Cyber Security Consultants

PCI DSS Compliance

The Payment Card Industry Data Security Standard

With over 10 years’ experience, the PCI DSS compliance team has consistently delivered PCI compliance projects, helping organisations of varying sizes to understand how to reduce costs and, more importantly, how to comply.

Who needs this service?

The Payment Card Industry Data Security Standard (PCI DSS) applies to virtually every organisation that accepts, transmits, processes or stores any cardholder data, regardless of size or the number of transactions, whether electronically using a terminal, through a service provider or via an ecommerce website, or manually using paper methods.

Compliance requirements can, however, vary, and it is the responsibility of every organisation to establish how it should comply with PCI DSS. An organisation’s acquiring bank will usually be able to advise on the need for compliance. Establishing the exact PCI DSS requirements can be a complex business, and professional advice should be obtained.

Why use SRM for PCI Compliance?

SRM’s PCI DSS compliance team includes leading Qualified Security Assessors (QSAs) who use their wealth of experience to help companies understand not only how to comply but also how to reduce costs, by ensuring that the scope for achieving compliance each year is as simple as possible. Our team can guide businesses at any level through PCI DSS compliance, from SMEs right through to full QSA-managed PCI assessments for FTSE 100 companies.

What are the challenges?

The process of PCI DSS compliance involves an annual check of twelve requirements to ensure that important security steps to safeguard customers’ data are in place. PCI DSS compliance is constantly being updated and, in addition to the outline requirements, there are many additional sub-requirements, making the process complex, particularly for larger organisations.

Because PCI DSS compliance involves an annual check, it is important to note that this only demonstrates that an organisation was compliant on a certain date, a bit like a car MOT. To ensure ongoing compliance, the process needs to be managed continually throughout the year. If a breach occurs at any time, your compliance status at that time will be taken into account by the PCI when determining the level of fine imposed.

What are the penalties for non-compliance?

Organisations that should comply but neither do so nor demonstrate that they are working towards compliance may be liable for non-compliance fines, at the discretion of the PCI. Ultimately, an acquiring bank can terminate the relationship, which will prevent the organisation from accepting any payments by card.

Associated services

Cyber Essentials Certification

The SRM team is experienced in all aspects of Cyber Essentials certification. We can do as much or as little as is required.

GDPR Consultants

Our team provides a business-focused service to organisations of all types and sizes, at all points on the GDPR-readiness spectrum.

ISO 27001 Consultants

SRM guides you through the entire ISO 27001 certification process, helping you to continually review and refine the way you handle information security, not just for the present but for the future.

Virtual CISO™ / Virtual ISM™

At SRM we have developed VirtualCISO™ and VirtualISM™, fully bespoke services that provide as much or as little support as required, depending on the individual company.

Related articles

PCI DSS compliance is like car maintenance: it’s not just an annual event

PCI DSS compliance is like car maintenance; to ensure your vehicle remains roadworthy throughout the year you need to practise an ongoing programme of routine repairs, regular servicing and..

Free live webinar: 5 signs you need a new QSA

5 signs you need a new QSA – Thursday 22nd November, 3pm – 3.45pm (GMT). In this free live webinar Paul Brennecker and Laura Chatton will be discussing the..

5 signs you need a new QSA

PCI DSS compliance is no longer an annual project. New requirements this year are ensuring that businesses are monitoring their compliance on a continuous basis. So, is your QSA..