In December 2004 Visa U.S.A. announced that it had aligned its Cardholder Information Security Program (CISP) with MasterCard‘s Site Data Protection (SDP) program. The resulting security standards, security audit procedures and scanning requirements became known as the Payment Card Industry (PCI) Data Security Standards (DSS) commonly referred to as PCI-DSS. In addition to acceptance by Visa and MasterCard, the PCI DSS and the PCI Report on Compliance were accepted by Discover, American Express, Diners Club and JCB.

However, the responsibility for enforcing compliance with PCI security requirements remains with the card companies such as Visa and MasterCard.
The PCI-DSS defines a widely accepted standard of due care for securing cardholder data and its requirements apply to all organisations that store, process, or transmit cardholder information.

Why Us?

 PCI-DSS Compliance guarantee: A key aspect of our PCI-DSS consultancy programme is that we guarantee that our clients will successfully achieve PCI-DSS compliance within the agreed timeline of this project. This guarantee, which is of course subject to contract, ensures that we make one of our team available to help develop presentation for Visa/MasterCard at no additional cost to the bank.

Ensuring Card Payment System‘s Value Chain: We believe that to serve you well, it is of paramount importance that you develop the skills and knowledge necessary to enforce (and monitor) the PCI-DSS controls. We will handhold your staff after the completion of the project for a period of 20 working days to ensure they can run on their own. Therefore our approach is with a clear project focus on developing the knowledge and confidence of your staff involved to maintain the PCI-DSS within your organisation. Our alliances and team formation have substantial experience to deliver on this project with utmost accuracy and measurable value-add to your organization.

Benefits of PCI DSS Certification.
One of benefits of PCI compliance is that your organization will not be fined in case of a compromise. If the post-mortem analysis shows that your company was still compliant at the time of the incident, no fines will be assessed, and you will be granted what is known as “safe harbor.” It is likely that your company will be taken to civil court regardless of your compliance status should a breach occur. However, a jury will be much more sympathetic to your company’s case if you can show that due diligence was practice by the virtue of PCI compliance.

More immediately, if your company is a Level 1 or Level 2 merchant, you may be eligible to receive a part of the $20 million in financial incentives from Visa. In December 2006, Visa USA announced their PCI Compliance Acceleration Program (CAP).Those merchants that demonstrate compliance by August 31, 2007, may receive a one-time payment incentive.

Another form of incentive deals with transaction costs. As part of the CAP program, Visa USA announced that the interchange rates will not be discounted for acquirers that have not validated PCI compliance of their merchant clients. Come October 1, 2007, acquirers may start passing the increased costs to the merchants that have not reached compliance.

Whether it is avoiding fines or getting incentives, the greatest benefit of PCI compliance is the peace of mind that your IT infrastructure and business processes are secure. Again, if you are a CFO or a comptroller, think about the data breach cost avoidance. Crunch the ROI numbers as you read more and more about TJX’s plight. Your marketing department may also appreciate the compliance status.The name of your company will be listed on each card brand’s Web site.You can also get certification logos from your QSAC, a must have for your Web site.A recent poll showed that 40 percent of consumers will not deal with a company they know has been breached, so by addressing your customers’ concerns you may get more business in the process.

If your organization is considering PCI DSS certification, contact us