PCI Data Security Standard

The Payment Card Industry – Data Security Standard (PCI-DSS) provides a best practice framework for developing a payment card data security process. This includes requirements covering the prevention, detection and reaction to security incidents.

If your organisation accepts payment cards and stores, processes and/or transmits cardholder data, you need to comply with the Standard. This covers merchants of every size as well as the service providers that handle cardholder data on their behalf, including resellers, web hosting providers, card processing bureaux, data storage entities and payment service providers.

This global data security standard applies to businesses of any size, including smaller merchants. It sets out steps, reflecting established security practice, that help you make sure your systems are secure and that customers can trust you with their payment card data.

Benefits of PCI-DSS

  • Minimise risks - identify and manage any risks to your data security early
  • Reduce costs - managing your data effectively can reduce the cost of any breach, both in resources and in finances
  • Demonstrate best practice - show your organisation's commitment to keeping customer data safe and secure

Why choose LRQA for PCI-DSS?

  • Information security specialists - our assessors are fully trained and qualified in all aspects of information security standards, and many have been involved in the development of these standards.
  • Global presence - LRQA is a global company, so wherever your organisation is, you can be sure that certification provided by LRQA will be recognised.
  • Proven track record - we have high-profile clients in the IT, telecommunications, government and utilities sectors.

What is PCI-DSS compliance?

The PCI-DSS is managed by the PCI Security Standards Council, a global forum established in 2006. Its founding members - American Express, Discover Financial Services, JCB, MasterCard and Visa - each recognise and accept the requirements of the Data Security Standard. It represents an effort by the industry to tackle identity theft and on-line fraud.

Representing a common set of industry tools and measurements to help ensure the safe handling of sensitive information, the Standard provides a framework for developing a robust data security process. This includes the prevention, detection and timely reaction to security incidents.

The Standard comprises 12 high-level requirements, each broken down into detailed sub-requirements and testing procedures. The Council describes compliance with them as an ongoing three-step process: Assess, Remediate and Report.

  • Assess - identify the IT assets and business processes involved in payment card processing, define the scope of the cardholder data environment, and analyse it for vulnerabilities.
  • Remediate - fix the identified vulnerabilities and, where possible, reduce scope by not storing cardholder data you do not need.
  • Report - document the assessment and the steps taken to fix any identified problems, and submit the required reports to the acquiring bank and the payment brands you do business with.

These three steps form a continuous cycle rather than a one-off project, and repeating them is how you maintain compliance with the requirements of the PCI Data Security Standard.