The security of payment card data is governed by the Payment Card Industry Data Security Standard or PCI DSS.  This affects the people, processes and technologies which are involved with the capture, storage, processing and transmission of payment card data.

Leveraging experience within the card payments market space, One Compliance Qualified Security Assessors (QSAs) take an approach to PCI DSS which reduces both the risk to cardholder data and the ongoing cost of maintaining PCI DSS compliance.  This is based on the simple fact that risk to cardholder data is minimised by outsourcing key areas of cardholder data capture, storage, processing and transmission, and then by isolating any remaining system components which can affect the security of cardholder data.

One Compliance do not over-complicate the process to meet the standard.  The most successful and cost-effective method of achieving PCI DSS is to:

  1. Review the options that are available to you to remove from scope the people, processes and technologies that do not need to be there
  2. Ensure any remaining controls are addressed appropriately and can be assessed
  3. Conduct the assessment
  4. Ensure procedures are in-place in order to maintain PCI DSS compliance on an ongoing basis

One Compliance offer the following services:

  • PCI DSS Options analysis (guidance on scope reduction)
  • PCI DSS Gap Analysis (review on the implementation of applicable PCI DSS controls)
  • PCI DSS Prioritised Approach (review of applicable controls and completion of the Prioritised Approach worksheet for the acquiring bank)
  • PCI DSS Assessment (formal audit of all applicable controls and production of the Report on Compliance and Attestation of Compliance)
  • SAQ Assistance (review of applicable SAQ controls and submission to the acquiring bank)
  • Acquiring bank negotiation (we are happy to have a conversation with your acquiring bank in order to help negotiate extensions to deadlines)

One Compliance also offer PCI DSS Training services.

Please Contact us to arrange a discussion with one of our consultants.