
PCI: DSS Certification

Payment card security is one of the most important security concerns for consumers and businesses, and PCI: DSS must be adhered to by all entities where card payments are accepted and processed. This includes merchants, service providers and card issuers.

Ensure payment card information is stored, processed & transmitted securely

The Payment Card Industry Data Security Standard (PCI: DSS) is a set of security standards endorsed by the five most globally influential payment brands: Visa, Mastercard, JCB, Discover and American Express. The standard was created to increase controls around cardholder data in order to reduce cardholder fraud, and it describes a series of security requirements in 12 different categories.

Compliance with PCI: DSS is mandatory for any business which stores, processes or transmits card data, and such businesses must demonstrate their compliance with the standard.

All merchants fall into one of four merchant levels, based on the volume of card payment transactions over a 12 month period, and these levels determine the assessment type and reporting requirements.

Report On Compliance (ROC)

ROCs are reserved for level 1 merchants (6 million or more annual transactions) and level 1 service providers (300,000 or more transactions per year).

The report must be completed by a Qualified Security Assessor (QSA) and provides independent confirmation of your compliance status. ROCs must also be accompanied by a completed Attestation Of Compliance (AOC).


Self Assessment Questionnaire (SAQ)

Merchants who fall into level 4 (20,000 or fewer annual transactions), level 3 (20,000 to 1 million annual transactions) and level 2 (1 million to 6 million annual transactions) are required to complete a Self Assessment Questionnaire (SAQ). Level 2 service providers (fewer than 300,000 transactions per year) are also required to complete an SAQ.

SES will assist in clarifying which SAQ you are required to complete, significantly reducing your organisation's administrative burden.

Four steps to consultancy

SES's Qualified Security Assessors (QSAs) use a four-step PCI DSS framework to manage your organisation's compliance programme.

PCI: DSS Compliance Advice

Our consultants provide expert validation of compliance scope, assessment for scope reduction, SAQ determination, and employee awareness and training sessions.

PCI: DSS Gap Analysis

This service gives you an understanding of where your organisation currently stands against the requirements of PCI DSS.

PCI: DSS Reporting

We will assist with the completion of the required reports, whether SAQs or full QSA-led ROCs.

Testing & Maintaining

To remain PCI DSS compliant, companies must complete mandatory testing, which our consultants can provide.

Benefits of PCI: DSS Compliance

Compliance with qualified experts

SES’s PCI: DSS consultancy is a QSA company, authorised by the PCI Security Standards Council (SSC) to assess compliance with PCI DSS 3.2.1. This version has been mandatory since May 2018.

Trained & certified consultants

Our team of consultants has been trained and certified by the SSC to carry out client assessments and provide guidance to organisations that handle card data.

Tailored to your requirements

From large multinationals to SMEs, SES can help you meet your PCI: DSS requirements. We offer four core services to guide your organisation through the compliance process, from a single aspect to the whole journey.

Our expertise. Your questions answered

What’s the easiest thing to implement in my office?

There are many controls every organisation should put in place to ensure a good defence against cyber threats, from basics such as anti-virus, email filters and firewalls to more in-depth activities such as Penetration Testing and Phishing Assessments. One of the basic controls you can implement easily in both your professional and personal life is good password hygiene. In many cases your password is the only thing keeping cyber criminals away from your sensitive information; length is the primary factor when creating a strong password, because the longer it is, the more guesses an attacker needs to get it right.

Am I investing my Cyber Security budget correctly?

You could take a blanket approach and cover every possibility, but that is an expensive strategy and your Finance Manager or CFO probably would not be happy to spend money unnecessarily. Every business faces different threats, so what the organisation in the next office needs to defend against is not necessarily what you need to invest in. It is important to understand your threat profile and align it with the risks you are willing (or not willing) to accept. From there, you can decide what you should be investing in.

How do I educate my team to handle cyber threats?

The cyber threat is ever-changing, and even with the best technical defences in place, end users (i.e. humans) are usually the weakest link. That is not to say that cyber security should be purely non-technical, but it is important to strike the right balance. Knowing where to start with cyber security can be difficult, and working out what your team needs to know can be overwhelming. As with deciding where to invest your budget, how you train your team starts with understanding your specific threats.

What do I do when something goes wrong?

Frustratingly, even after you have put all these useful security controls in place, the threats change so often that keeping up can be hard. It is therefore important to adopt the mindset that it is not a question of if you get breached but of when, and of how you handle it. Having a plan in place will ensure that the consequences of a breach do not undo all your hard work in developing your organisation and building your reputation.
