Payment Card Industry – PCI Compliance

The Payment Card Industry Security Standards Council (PCI SSC) governs the Payment Card Industry Data Security Standard (PCI DSS) which is a set of comprehensive requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. The purpose of this standard is to help organizations safeguard and protect customer data and credit card information against credit card fraud, hacking and security issues in general as it relates to the payment card industry.

Any entity that stores, processes, and/or transmits credit card transactions is subject to the PCI DSS compliance requirements. The Payment Card Industry Security Standards Council classifies participating entities as merchants, service providers, acquirers and trusted third parties. As each payment brand has its own set of compliance requirements for each of the entity classifications, it is important to validate compliance with each payment brand. Overall, the classification depends on annual volume of stored, processed, and/or transmitted credit card transactions per point of sale, i.e. brick-and-mortar and e-commerce.

As part of the compliance process improvement and facilitation, the Payment Card Industry Security Standards Council defined qualifications for Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs). Enterprise Risk Management offers PCI compliance consulting services and is certified both as a QSA and ASV. Our team of PCI experts can assist your organization in complying with the PCI DSS requirements regardless of the level of complexity of transactions and organization size. With strong experience in PCI DSS compliance, our one-stop services will ensure that all your payment card industry compliance needs are fully serviced under one roof and that your organization gains the maximum value for your information security and compliance budget.