Call us on 03450 21 21 51

SRM Solutions
Consultancy & Compliance

PCI DSS

The Payment Card Industry Data Security Standard

The SRM PCI DSS compliance team of QSAs have been successfully delivering PCI compliance projects for over 10 years; helping organisations at all levels to understand not only how to comply but also how to reduce costs.

Who needs this service?

The Payment Card Industry Data Security Standard (PCI DSS) applies to virtually every organisation which accepts, transmits, processes or stores any cardholder data, regardless of size or the number of transactions; whether electronically using a terminal, through a service provider or via an ecommerce website or manually using paper methods.

Compliance requirements can, however, vary and it is the responsibility of every organisation to establish how they should comply with PCI DSS. An organisation’s acquiring bank will usually be able to advise on the need for compliance. Establishing the exact PCI DSS requirements can be a complex business and professional advice should be obtained.

Why use SRM for PCI Compliance?

SRM’s PCI DSS compliance team includes leading Qualified Security Assessors (QSAs) who use their wealth of experience to help companies understand not only how to comply but how to reduce costs by ensuring that the scope to achieve compliance each year is as simple as possible. Our team can guide businesses at any level in completing the PCI DSS compliance from SMEs right through to full QSA-managed PCI assessments for FTSE 100 companies.

What are the challenges?

The process of PCI DSS compliance involves an annual check of twelve requirements to ensure that important security steps to safeguard customers’ data are in place. PCI DSS compliance is constantly being updated and in addition to the outline requirements there will be many additional micro sub requirements, making the process complex, particularly for larger organisations.

Because PCI DSS compliance involves an annual check, it is important to note that this only demonstrates that an organisation was compliant on a certain date; a bit like a car MOT. To ensure ongoing compliance, the process needs to be managed continually throughout the year. If a breach occurs at any time, your current compliance status will be taken into account by the PCI when determining the level of fine imposed.

What are the penalties for non-compliance?

Those that should but do not comply, or demonstrate that they are working towards compliance, may be liable for non-compliance fines, at the discretion of the PCI. Ultimately an acquiring bank can terminate a relationship, which will prevent the organisation from accepting any payments by card.

Associated services

PA DSS

SRM is an accredited PA DSS assessor. With a forensic laboratory in the North East, we have the expertise and resource to guide software application companies through the process of certification.

Cyber Essentials

The SRM team is experienced in all aspects of Cyber Essentials certification. We can do as much or as little as is required.

GDPR

Our team provides a business-focused service to organisations of all types and size, at all ends of the GDPR-readiness spectrum.

ISO 27001

SRM guides you through the entire ISO27001 certification process, helping you to review continually and refine the way you handle information security, not just for the present, but for the future.

VirtualCISO™/VirtualISM™

At SRM we have developed VirtualCISO™ and VirtualISM™, which are totally bespoke services, providing as much or as little as required depending on the individual company.


Related articles

Free live webinar: 5 signs you need a new QSA

Thursday 22nd November 3pm – 3.45pm (GMT) In this free live webinar Paul Brennecker and Laura Chatton will be discussing the QSA role. What does ‘good’ look like?  Why..

5 signs you need a new QSA

PCI DSS compliance is no longer an annual project. New requirements this year are ensuring that businesses are monitoring their compliance on a continuous basis. So, is your QSA..

GDPR and data security in the gambling industry

This article first appeared in the Q3 edition of Casino & Gaming International  (CGi ) and appears here with their kind permission. As the implications of the General Data..