PCI DSS
The road to compliance
Any organisation that transmits or processes payments by credit or debit card is required to comply with the Payment Card Industry Data Security Standard (PCI DSS).
PCI DSS is a set of technical, procedural and physical security control requirements for organisations processing credit and debit card transactions. The standard is designed to protect consumer data by ensuring all organisations securely store, transmit and process customer data to prevent theft or loss.
The standard is endorsed by each of the major credit card providers and has been incorporated within their respective security programmes and guidelines. It was implemented in response to increased fraud and identity theft involving stolen credit card data, in order to stem losses by the card providers and improve consumer confidence.
As a leading independent provider of information security consultancy and security testing services, accredited by the Payment Card Industry as a Qualified Security Assessor (QSA) and as a PCI Approved Scanning Vendor (ASV), NCC Group is ideally placed to help you to become and stay compliant.
In addition we also advise on the Payment Application Data Security Standard (PA-DSS) which applies to software vendors and others who develop payment applications that store, process or transmit cardholder data as part of authorisation or settlement where these payment applications are sold or distributed by third parties. Payment software vendors need to comply with several requirements in order for merchants to use their products to process credit card information.
We work with you to help you to understand and implement the security processes necessary to ensure compliance.
We have worked with our clients to develop a range of PCI DSS and PA DSS services covering the full cycle of compliance.
Back to Advisory home page