If you’re wondering exactly what PCI compliance is, the chances are you’re one of the many business owners in Australia who’ve asked themselves this same question.

How does PCI Compliance affect Australian businesses?

Payment Card Industry Data Security Standards (PCI DSS)

Must be implemented by all entities that process, store or transmit credit cardholder data. This must be done in order to maintain, safe harbor and avoid potential liability in the event of fraud associated with cardholder data. The cost of not complying can be catastrophic and could result in millions of dollars in fines, and loss of reputation. Our team can help you identify the level of compliance you need, and then take you through the entire lifecycle of compliance starting with a gap analysis all the way to formal certification.

If you are a Level 1 PCI DSS compliant organization, you need to go through a formal Annual Attestation that must be performed by a certified external Qualified Security Assessor (QSA). Our team can offer these services as we partner with a certified QSA company. Our PCI QSA consultants are trained to understand the intent and process required to meet the PCI DSS requirements and come with years of experience delivering security reviews and audits. We can conduct an on-site PCI audit and issue the documentation required by your acquiring bank.

As a Level 2, 3, or 4 PCI DSS compliant organization, you must complete an annual Self Assessment Questionnaire (SAQ) to remain compliant. The SAQ is a validation tool for the merchants and service providers who are not required to undergo an on-site data security assessment per the PCI DSS Security Assessment Procedures. The purpose of the SAQ is to assist organisations in self-evaluating compliance wih the PCI DSS, and you may be required to share it with your acquiring bank. There are multiple versions of the PCI DSS SAQ to meet various business scenarios. Our team can help you determine which SAQ best applies to your and how to complete the relevant SAQ documentation.

Additional security services

We can also deliver vulnerability assessment and penetration testing services that are required in order to satisfy the PCI-DSS requirements. Whether you need assistance in identifying the presence of wireless access points, conduct internal/external quarterly vulnerability assessments, web application penetration testing or annual penetration testing covering your infrastructure and applications, our team have the resources and the know how.