If your organisation stores, transmits or processes credit card data, you will probably have to meet some requirements of the Payment Card Industry Data Security Standard (also known as PCI-DSS). It was created by the main payment brands in 2006; before that, each brand ran its own compliance program.
Failing to be PCI compliant may result in monetary penalties, reputational damage, revenue losses and more.
If your organisation has decided to become PCI compliant, whether as a service provider or as a merchant, you first need to determine which level applies to you. Merchants and service providers are mapped to four (4) levels based on the volume of credit card transactions the business processes annually. The level is meant to reflect risk; consult your acquirer or payment brand directly to determine your level and reporting requirements.
Merchants and service providers at level 1 are required to undergo an on-site audit and complete a Report on Compliance (ROC), assessed by an approved PCI QSA (Qualified Security Assessor). For levels 2-4, a Self-Assessment Questionnaire (SAQ) is used instead, and the SAQ type depends on the payment integration method.
Comsec is now offering a few unique packages if you order by the end of 2019:
For ordering one of our Cybersecurity Services, you’ll be able to choose between: Hardening procedure documentation / SSDLC guidelines / Awareness training session (1.5 hours) / CISO advisory session (3 hours)
For ordering our Incident Response Service (IRP / IRT): CISO advisory session (3 hours)
For ordering our Table Top exercise, you’ll be able to choose between: A session by a senior Comsec Information Security expert / Hardening procedure documentation
For ordering our Red Team service: Attack simulation by a senior Comsec Information Security expert
For ordering our Secure Code Review service, you’ll be able to choose between: 2 system re-tests / Additional scan (of the same system)
For ordering Comsec Hour Bank, you’ll be able to choose between: An additional 10% of the hours in the package / Hardening procedure documentation / SSDLC guidelines