From BOTECH FPI, in collaboration with 1st SecureIT, we promote compliance with the PCI Data Security Standard (PCI DSS) to help our customers:
- Minimize fraud.
- Implement the good security practices included in the standard.
PCI DSS, managed by the PCI Security Standards Council (PCI SSC), is a mandatory security standard within the payment card industry. It originated from an effort by VISA, MasterCard, Discover, JCB and AMEX to unify the security programs each brand had maintained separately.
Our methodology strictly follows the guidelines established by the PCI SSC. We work with the client to meet the expected objectives. The assessment proceeds through the following phases:
Phase 1 – Initial training course
The objective is to address topics on general concepts, key points for compliance and awareness within the organization.
Phase 2 – Expert advice
Interviews will be conducted and the necessary documentation will be reviewed in order to establish and record the processes, assets and suppliers involved that will determine the scope of PCI DSS.
Phase 3 – Free GAP analysis
We perform a free GAP analysis for new clients: we collect information in order to analyse all existing security processes and determine the organization’s current level of compliance.
Phase 4 – Support and advice
Support and advice are provided through monthly visits by a QSA consultant throughout the implementation process.
Phase 5 – On-site audit
We gather the information needed to determine whether the organization properly complies with PCI DSS. The results of the assessment are recorded in the final Report on Compliance (ROC) and Attestation of Compliance (AOC).
Phase 6 – Final review
The final phase documents the compliance status with PCI DSS and prepares the ROC and AOC reports.
Frequently asked questions (FAQ)
Why do you need to comply with PCI?
Because of current regulations on obligations, deadlines and certification levels, merchants must comply with the PCI DSS standard.
What does a PCI audit involve?
A QSA (Qualified Security Assessor, the certifying authority for PCI DSS) must assess the merchant and validate its compliance with the PCI standard. A Gap Analysis (GAP) can be performed beforehand to determine the compliance status and the controls that apply.
What is a PCI GAP analysis?
The merchant engages a QSA to perform a PCI compliance analysis based on the controls that apply to it, which depend on its payment methods, infrastructure, processes and business operations.
What is an SAQ?
The merchant may obtain its certification through a Self-Assessment Questionnaire; its operations and the way it processes transactions determine which SAQ applies. The SAQ is completed once a year, but the vulnerability scan must be passed quarterly.
How long does PCI certification last?
Certification must be renewed annually, as must the audit, while passing vulnerability scan reports must be obtained quarterly.
Is it valid for all brands?
PCI DSS certification is internationally valid and endorsed by all brands: VISA, Mastercard, JCB, Discover and American Express.