Considered, cost-effective PCI compliance.
PCI compliance is mandatory, if you accept credit cards as a form of payment. PCI compliance can simple, quick and cost effective – that is, when you have the right company that takes time to understand your business. Stratica helps you get compliant and stay compliant quickly and effectively!
PCI compliance can be a complex and time-consuming topic. Yet, it is essential to every business within the Payment Card Industry (PCI).
Each senior advisor at STRATICA has over twenty years of industry experience.
We stay informed with the changes to PCI DSS Compliance Australia, so that you don’t have to.
How could Stratica’s best of breed software tools streamline the compliance journey and save you time?
At STRATICA, we use our exclusive, Australian-hosted VigiOne portal (StraticaOne) to streamline the PCI compliance review process and jointly sign off with you.
StraticaOne is an efficient, effective, and secure alternative to the dreaded and complex PCI spreadsheet template!
Our StraticaOne portal combines many useful tools into one platform so our clients can manage compliance in a “one-stop-shop”.
StraticaOne also includes access to training materials and will save you time, effort and ultimately money.
Yes. As set out by the PCI Security Standards Council (PCI SSC), “The PCI DSS applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data. If you accept or process payment cards, PCI DSS applies to you.“
Getting ready for version 4.0 of the PCI DSS standards
With the release of PCI 4.0, the clock has started ticking for companies that transmit and use payment card information from consumers to transition to the new framework. In preparation for PCI 4.0 going into effect, we recommend that organizations plan for budgetary changes to adapt to the new requirements and additional risk-based security testing.
Implementing more significant changes will demand staffing and training efforts as well. Because many of the PCI security controls are 10 years old and major changes haven’t been made since 2015, so PCI DSS 4.0 is significant.
There are six specific areas that are affected within credit card data security standards. These areas are focused on security, customized implementation, authentication, encryption, monitoring, and critical control testing frequency methods.
Compliance may take between three months and one year, depending on each individual business. A highly experienced PCI QSA will get you compliant quicker than the average, which will also save you a lot of additional costs for drawn-out processes. Each senior advisor at STRATICA has over twenty years of industry experience and utilises the PAT (Prioritised Approach Template) reporting process. The PAT assists with efficient reporting of progress toward compliance.
PCI compliance is an annual audit. Book your annual PCI compliance audit here.
According to the PCI SSC, PCI DSS “protects cardholder data and sensitive authentication data wherever it is processed, stored or transmitted. The security controls and processes required by PCI DSS are vital for protecting all payment card account data, including the PAN – the primary account number printed on the front of a payment card.”
As both a merchant and a service provider, you are still obligated to be PCI compliant. Vulnerabilities can be present anywhere in the merchant card-processing procedure. Vulnerabilities can extend to service provider operated systems, which further involves financial institutions that accept the payment cards. Maintaining PCI DSS compliance assists in the protection of cardholder data and both merchant and service provider card-processing vulnerabilities.
No. If you accept card payments via a payment gateway you are still required to attain PCI compliance, as per the PCI DSS.
The PCI DSS Cloud Computing Guidelines outline the Cloud DSS, stating that , “it is a shared responsibility between the cloud service provider (CSP) and its clients. If payment card data is stored, processed or transmitted in a cloud environment, PCI DSS will apply to that environment and will typically involve validation of both the CSP’s infrastructure and the client’s usage of that environment… [This] does not exempt a client from the responsibility of ensuring that their cardholder data is properly secured according to applicable PCI DSS requirements.”
STRATICA gives you back your time, to do what you do best, while they do what they do best – Get you PCI compliant.
Forget the stress and let the best PCI Consulting Australia experts take you by the hand.
How do I get PCI compliant?
Depending on your classification or risk level, the PCI DSS compliance process is:
1. Scope – determine which system components and networks are in scope for PCI DSS
2. Assess – examine the compliance of system components in scope following the testing procedures for each PCI DSS requirement
3. Report – assessor and/or entity completes required documentation (e.g. Self-Assessment Questionnaire (SAQ) or Report on Compliance (ROC)), including documentation of all compensating controls
4. Attest – complete the appropriate Attestation of Compliance (AOC)
5. Submit – submit the SAQ, ROC, AOC and other requested supporting documentation such as ASV scan reports to the acquirer (for merchants) or to the payment brand/requestor (for service providers)
6. Remediate – if required, perform PCI DSS remediation to address requirements that are not in place, and provide an updated report