Getting Started
As a response to increased theft of credit card information, the different card brands (MasterCard, Visa, American Express and others) developed a minimum set of requirements for their merchants to follow.
To assist organisations in meeting those requirements, the Payment Card Industry Security Standards Council (PCI SSC) was formed to manage and administer the Payment Card Industry Data Security Standard (PCI DSS) and the supporting standards.
PCI DSS consists of 6 goals spanning twelve major requirements. These requirements apply to every organisation that accepts, processes, stores or transmits credit card information.
The exact requirements for reporting and validation are set by each of the card brands.
PCI Compliance
Information Kit
What is PCI DSS?
This three minute video produced in partnership with Macquarie Telecom gives a quick overview of PCI DSS and why it’s important.
Shearwater’s PCI Compliance Solutions
Shearwater can assist in all aspects of compliance. We can perform annual validation audits
as required under the standard. We can also assist you in the meeting the requirements of PCI DSS
by working with you to assess gaps, develop remediation strategies, and to provide products and
services that meet the standard. Shearwater offers a range of consulting and auditing services
for becoming compliant and maintaining compliance with PCI.
Achieve
We will start with a pre-assessment that outlines the simplest and most cost-effective route to compliance.
This includes:
- Full Onsite Review
- Scoping Analysis
- Data Flow Analysis
- Gap Analysis
- SAQ Assistance
- Remediation
Prove
The methods used to prove compliance differ according to your organisation‘s merchant level. Shearwater is a Qualified Security Assessor (QSA) and can perform the on-site validation audit. At the conclusion of a successful audit, we will provide a Report of Compliance (RoC) and an Attestation of Compliance (AoC).
Maintain
Shearwater has outlined a range of managed services to help you maintain a successful compliance program. Our clients enjoy the peace of mind that they are compliant around the year, not just at audit time. We offer managed services across Firewalls, File integrity Monitoring (FIM), Anti-Virus (A/V), and Logging. We also offer PCI DSS compliant Penetration Testing and Vulnerability Scanning.
Calibrated QSA Advice
Engaging Shearwater for PCI DSS compliance gives you access to calibrated
expert advice that ensures that you neither over, nor under-invest in your PCI
compliance efforts as advice is run by multiple Qualified Security Assessors
with different areas of expertise.
Benefits of being PCI Compliant
Improve your Security Posture
Compliance provides a security framework that helps secure your critical data and lessen the likelihood of being hacked.
Protect Business Requirements
Proving compliance maintains your organisation’s privilege of accepting credit card payments and preserves the core of the shopping experience.
Maintain Trust and Reputation
PCI Compliance helps your organisation maintain trust and reputation, and meet the business requirements of partners and customers.
Avoid Fines
Being compliant may provide a safety net against hefty fines and rigorous requirements if your organisation is breached.
Avoid Downtime
Implementing the framework helps your organisation avoid costly downtime and damage to reputation that may be caused by a breach.