PCI DSS
Payment Card Security Data Security Standard (PCI-DSS) provides a list of 12 requirements, which span various technology and process verticals. The main objective is to ensure the security of the payment card data.
- Assessor Type
- Applicability
- Validity
- Governing Body
- Data Type
- Regions
- PCI QSA
- MERCHANTS & SP’s
- 1 Year
- PCI SSC
- CARDHOLDER DATA
- GLOBAL
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Required
PCI-DSS is governed by the PCI Security Standards Council.
Based on the number of transactions all merchants and service providers can opt for either a QSA assessment or an applicable PCI SAQ.
QSA Validation: – This applies for all Level-1 merchants and services providers who process a high volume of transactions. Since there is a considerable risk to payment data in organisations dealing with a high volume to data an independent validation by a QSA is required. .
PCI SAQ : Merchants and Service providers who fall under other levels can opt for an applicable SAQ. There are 7 types of SAQ’s for PCI-DSS compliance and a suitable SAQ can be selected.
Why comply ?
If you are a merchant accepting payment cards or a service provider, which really means you either perform some transactions with payment cards, or can impact the security of the processes invoving payment card data, you will need to comply with PCI-DSS.
PCI-DSS Consulting & Validation
The merchants and service providers are all categorised into levels based on the number of transactions they process in a year, into specific levels. Level 1 Merchants and Service Providers are required to validate via a PCI QSA. Other levels (Level 2 and above) can opt for the SAQ method of validation.
The payment brands provide guidance on what type of merchants or service providers qualify for an SAQ.
PCI-DSS Consulting & Validation
Consulting
If you are beginning your PCI DSS compliance journey, Crossbow Labs consultants can review your requirements and guide you through it. The latest version of the PCI-DSS Standard is v4.0.
Implementation Support
One of the most time consuming step in your compliance with PCI DSS will be the implementation of the requirements. Our experience in advising over 200 customers each year can help you short-script your efforts.
QSA Validation
PCI QSA Validation is a yearly activity to demonstrate your continued compliance with the PCI DSS requirements. This is an audit activity and needs to be performed by Qualified Security Assessors identified by the PCI SSC.
Bespoke Consulting
Ample preparation is required for compliance to the PCI-DSS requirements. Crossbow Labs teams provide PCI-DSS Consulting to help organizations achieve compliance using an optimal approach.
PCI-DSS Consulting Experience
Experience in consulting organizations from various industries has enabled us to create an optimised approach which helps organizations become compliance with the PCI-DSS.
Crossbow Labs QSA teams have certified organizations across a variety of industry verticals.
- Fintechs
- Merchants
- E-Commerce Merchants
- Service Providers
- Banks
- Payment Companies
- Airlines
- Technology Companies
Compliance Management
We built a compliance management tool to ensure managing a compliance standards as detailed as the PCI-DSS, in a seamless manner. You will get the PCI-DSS compliance management tool to manage your compliance for both PCI-DSS consulting and PCI QSA valdiation engagements with Crossbow Labs.
Turnkey PCI-DSS Services
Being a full service vendor of PCI , we provide many support services needed to be PCI standards Compliant. This includes actives like Risk Assessment, VA & PT, Security Operations Center, Incident Response, Policya and Documentation, etc.
Our Approach
Various teams will be engaged in performing successful PCI-DSS consulting, implementation support and QSA Validation. Processes prescribed by the PCI security standards council will be adhered to.
1. PCI-DSS Scope Formulation
Defining a specific scope is a critical step to reduce efforts of maintenance and could reduce the cost of compliance.
2. Initial Assessment
An assessment of the requirements in the context of the PCI scope helps identify the gaps and address them.
3. Implementation of Requirements
Implementation support will be provided during the remediation phase.
4. QSA Validation
QSA validation will be done based on the guidance provided by the PCI security standards council.
5. Evidence Collection & Reporting
All the evidences will be collected on the PCI-DSS Compliance Management Tool and the reporting will commence.
6. Compliance Maintenance
A calendar of activities and periodic evidence reminders, for maintaining compliance with the PCI-DSS will be made available on the PCI-DSS Compliance Management tool.
PCI-DSS Training
- Crossbow Labs QSA's conduct workshops of PCI-DSS implementation.
- The key pinpoints of implementation and critical success factors will be discussed extensively.
- Real world solutions, technologies like SIEM or firewall choices and other caveats of commercial and open source software implementations will be discussed.
- PCI-DSS workshops provide the much needed orientation to begin the PCI-DSS compliance journey to various teams within an organization, before embarking upon it.
Frequently Asked Questions
The PCI DSS v4.0 standard is currently released and will be in effect from June 2023. Organizations looking to undergo PCI DSS validation now will be required to follow the v3.2 of the standard.
Based on the number of transactions PCI-DSS
The PCI DSS v4.0 standard has introduced the “Customised Approach Objective” to various requirements added to the “Defined Approach Testing Procedure”, which was present in the earlier versions of the standard. This enables organization’s undergoing PCI DSS validation to adopt a bespoke approach which meets the intended object of the specific PCI DSS requirement. There are other changes to the standard and can be found in the “PCI-DSS-v3-2-1-to-v4.0 Summary of Changes” document found in the PCI SSC website.
Link – https://www.pcisecuritystandards.org