PCI Compliance
As a response to increased theft of credit card information the different card brands (MasterCard, Visa, American Express and others) developed a minimum set of requirements for their merchants to follow.
Each individual standard needed to be met for each individual card brand. To assist organisations to meet the different card brand requirements the Payment Card Industry Security Standards Council (PCI SSC) was formed to manage and administer the Payment Card Industry Data Security Standard (PCI DSS) and the supporting standards.
PCI DSS consists of twelve (12) requirements that have to be met by every organisation that accepts, processes, stores or transmits credit card information. The exact requirements for reporting and validation are set by each of the card brands.
- Visa Inc: www.visa.com/cisp
- MasterCard Worldwide: www.mastercard.com/sdp
- American Express: www.americanexpress.com/datasecurity
- Discover Financial Services: www.discovernetwork.com/merchants/data-security/disc.html
- JCB International: http://partner.jcbcard.com/security/pcidss/index.html
PCI Compliance Checklist
Shearwater Solutions, in partnership with Macquarie Telecom, have produced a PCI Compliance checklist that tells you what you need to know about PCI DSS and whether you need to be compliant.
View the PCI Compliance Checklist (right click and 'Save as' to download)
What is PCI DSS Compliance?
This three minute video produced in partnership with Macquarie Telecom gives a quick overview of PCI DSS and why it's important:
Shearwater’s professional services for PCI compliance
Shearwater is a Qualified Security Assessor (QSA) company with a number of qualified assessors that can assist in all aspects of PCI DSS compliance.
We can perform annual validation audits as required under the standard. We can also assist you in the meeting the requirements of PCI DSS by working with you to assess gaps, develop remediation strategies, and to provide products and services that meet the standard.
Shearwater offers a range of consulting and auditing services for becoming compliant and maintaining compliance with PCI.
Our auditing and assessment services for PCI compliance include:
- gap analysis or pre-assessment,
- full on-site review,
- PCI DSS compliant network security scanning,
- PCI DSS compliant network penetration testing and network vulnerability assessments.
Our consulting services for PCI compliance include:
- PCI compliance project management,
- scoping assistance,
- providing assistance for selection of PCI products,
- security design, remediation and implementation,
- assistance with SAQ (Self-Assessment Questionnaire).
- Compliant vulnerability assessments, Penetration testing (internal and external)
QSA Services
The card brand or acquiring bank will typically inform you that you have to comply with PCI DSS and at what level. At the moment only level 1 merchants and service providers will need to validate compliance through annual on-site audits for which a QSA must be used.
Shearwater can perform the on-site audit and complete the Report of Compliance (ROC) and Attestation of Compliance (AOC) as required by the different card brands and acquiring banks. We can work with your organisation throughout the year to help address any issues and provide advice on remediation efforts.
For more information please contact us on 1300 228 872 or via email:
