Comsec PCI DSS
Comsec is a market-leading QSA company operating in Europe, North America and Southeast Asia. We help our clients achieve compliance by adopting a pragmatic and production-oriented approach.
Achieving compliance with minimal impact on production – this is how we define success.
PCI DSS is a detailed and strict standard, published by the PCI SSC, intended to secure credit card data, both at rest and in transit.
PCI DSS examines information security management as well as the secure development processes within the organization or the scoped environment.
PCI DSS applies to entities that store, process or transmit cardholder data and also to entities that might affect the security controls of such environments, for example hosting providers, managed service providers, or remote SIEM/SOC service providers.
Increased fraud and identity theft involving stolen credit card data led to the formulation of the PCI DSS standard to reduce losses for the card providers and to improve consumer confidence.
The payment brands authorized each country's local acquirer to enforce the standard with the local merchants and payment service providers.
Once the requirement for compliance is received, the entity must certify its environment by issuing the relevant self-assessment questionnaire (SAQ) or by conducting a full assessment with a QSA company, depending on its merchant/service provider level.
Beyond compliance, there are real business risks relative to brand, customer loyalty, and corporate reputation if the payment data is not securely managed.
Comsec offers a partnership approach to PCI. Our unique advantage stems from our ability to provide the end-to-end support and guidance you need to achieve PCI compliance. We emphasize QSA flexibility and consistency as two fundamental principles for any PCI compliance.
Partnership – as a PCI compliance partner, we enable you to achieve and maintain compliance, through expert advice and a hands-on approach.
Flexibility – Our creative, problem-solving capabilities, based on our experience of diverse PCI projects, enable us to shorten the compliance process and help you achieve compliance with minimal impact on business as usual.
Rapid response – Our highly responsive team of experienced QSAs has the knowledge to seamlessly guide you through the entire PCI compliance process. Our SLA is significantly shorter than our competitors'.
Deep knowledge – Our knowledge of other compliance requirements (ISO, FCA, HIPAA) enables our clients to identify synergies and reduce the overall compliance effort.
We provide end-to-end PCI and PA DSS services that pave the road to compliance:
• PCI DSS assessments
• Gap analysis
• Gap mitigation
• QSA consulting
• External and internal scans
• Payment environment design review
• Code reviews
• Penetration testing
• Employee training