Crossbow Labs

PCI DSS

The Payment Card Industry Data Security Standard (PCI-DSS) provides a list of 12 requirements, which span various technology and process verticals. The main objective is to ensure the security of payment card data.

  • Assessor Type: PCI QSA
  • Applicability: Merchants & SPs
  • Validity: 1 Year
  • Governing Body: PCI SSC
  • Data Type: Cardholder Data
  • Regions: Global
  • Network Security: Required
  • App Security: Required
  • Periodic VA&PT: Required
  • SOC or NOC: Required
  • Risk Management: Required

PCI-DSS is governed by the PCI Security Standards Council. 


Based on the number of transactions, merchants and service providers undergo either a QSA assessment or complete an applicable PCI SAQ.

QSA Validation: This applies to all Level 1 merchants and service providers, who process a high volume of transactions. Since organisations handling a high volume of payment data carry considerable risk to that data, independent validation by a QSA is required.

PCI SAQ: Merchants and service providers in the other levels can opt for an applicable SAQ. There are 7 types of SAQs for PCI-DSS compliance, and a suitable one can be selected.

Why comply?

If you are a merchant accepting payment cards, or a service provider (meaning you either process payment card transactions or can affect the security of processes involving payment card data), you will need to comply with PCI-DSS.

PCI-DSS Consulting & Validation

Merchants and service providers are categorised into levels based on the number of transactions they process in a year. Level 1 merchants and service providers are required to validate via a PCI QSA; other levels (Level 2 and above) can opt for the SAQ method of validation.

The payment brands provide guidance on what type of merchants or service providers qualify for an SAQ. 

Consulting

If you are beginning your PCI DSS compliance journey, Crossbow Labs consultants can review your requirements and guide you through it. The latest version of the PCI-DSS Standard is v4.0.  


Implementation Support

One of the most time-consuming steps in your compliance with PCI DSS will be the implementation of the requirements. Our experience in advising over 200 customers each year can help you streamline your efforts.

QSA Validation

PCI QSA Validation is a yearly activity to demonstrate your continued compliance with the PCI DSS requirements. This is an audit activity and needs to be performed by Qualified Security Assessors identified by the PCI SSC. 

Bespoke Consulting

Ample preparation is required for compliance with the PCI-DSS requirements. Crossbow Labs teams provide PCI-DSS consulting to help organizations achieve compliance using an optimal approach.

PCI-DSS Consulting Experience

Experience in advising organizations from various industries has enabled us to create an optimised approach that helps organizations become compliant with the PCI-DSS.

Crossbow Labs QSA teams have certified organizations across a variety of industry verticals.

Compliance Management

We built a compliance management tool to manage a standard as detailed as the PCI-DSS in a seamless manner. You will get access to the PCI-DSS compliance management tool for both PCI-DSS consulting and PCI QSA validation engagements with Crossbow Labs.

Turnkey PCI-DSS Services

Being a full-service PCI vendor, we provide many of the support services needed to be compliant with the PCI standards. This includes activities such as Risk Assessment, VA & PT, Security Operations Center, Incident Response, Policy and Documentation, etc.

Our Approach

PCI-DSS Consulting & PCI-QSA Validation Services

Various teams will be engaged in delivering PCI-DSS consulting, implementation support and QSA validation. The processes prescribed by the PCI Security Standards Council will be adhered to.

1. PCI-DSS Scope Formulation

Defining a precise scope is a critical step: it reduces maintenance effort and can reduce the cost of compliance.

2. Initial Assessment

An assessment of the requirements in the context of the PCI scope helps identify the gaps and address them.

3. Implementation of Requirements

Implementation support will be provided during the remediation phase.

4. QSA Validation

QSA validation will be done based on the guidance provided by the PCI security standards council.

5. Evidence Collection & Reporting

All evidence will be collected in the PCI-DSS Compliance Management Tool, and reporting will then commence.

6. Compliance Maintenance

A calendar of activities and periodic evidence reminders for maintaining compliance with the PCI-DSS will be made available in the PCI-DSS Compliance Management Tool.

PCI-DSS Training

Frequently Asked Questions

The PCI DSS v4.0 standard has been released and will be in effect from June 2023. Organizations looking to undergo PCI DSS validation now are required to follow v3.2 of the standard.

Based on the number of transactions PCI-DSS 

The PCI DSS v4.0 standard has introduced a “Customised Approach Objective” for various requirements, alongside the “Defined Approach Testing Procedure” that was present in earlier versions of the standard. This enables organizations undergoing PCI DSS validation to adopt a bespoke approach that meets the intended objective of the specific PCI DSS requirement. Other changes to the standard can be found in the “PCI-DSS-v3-2-1-to-v4.0 Summary of Changes” document on the PCI SSC website.
Link – https://www.pcisecuritystandards.org

Talk With an Expert

Learn more about how Crossbow Labs can help protect your business. Contact us today.