PCI DSS
Recent posts on PCI DSS

PCI DSS v4 – Changes at a Glance
Latest update: 2 Sep 2022
After several years' wait, and to surprisingly little fanfare, the Payment Card Industry Security Standards Council (PCI SSC) released the new version of the PCI Data Security Standard (DSS) ...

PCI DSS
Updated: 24/8/2022
PCI SSC Remote Assessment Guidelines and Procedures
The PCI SSC has recently released new remote assessment guidelines and procedures. Here we address a number of key questions: What are the Main Contents? What Led to it Being Published? And others.

PCI DSS
Updated: 9/8/2022
5 Ways to Reduce Your PCI DSS Scope
Almost all organisations that implement the Payment Card Industry Data Security Standard (PCI DSS) struggle with the scope of the applicability of the Standard. Even veterans of PCI DSS compliance...

PCI DSS
Updated: 9/8/2022
PCI DSS: Pros and Cons of Outsourcing
In this blog, we address one of the big questions facing organisations which accept payment cards and are looking to comply with the PCI DSS. Should we outsource the storing, processing and...

PCI DSS
Updated: 9/8/2022
Benefits of PCI DSS Compliance
In recent blogs, we have focused on how best to ensure you comply with the PCI Data Security Standard. However, this week we will look at what the benefits are of achieving and maintaining compliance…

PCI DSS
Updated: 8/8/2022
PCI Policies, Procedures and Evidence – What is expected?
While it’s one of the areas that IT and security departments find challenging, documentation (and compliant evidence) is what makes for a happy and satisfied PCI Qualified Security Assessor (QSA)...

PCI DSS
Updated: 8/8/2022
Top 5 common pitfalls of PCI DSS compliance
As a Payment Card Industry Qualified Security Assessor (PCI QSA) company, we are often asked by organisations which process card payments what are the main pitfalls to avoid in complying with...

PCI DSS
Updated: 8/8/2022
Preparing for a Report on Compliance (ROC)
There’s no getting away from the fact that preparing for a PCI DSS ROC can be a bit of a trial, and particularly for those who are experiencing their first visit from a QSA. Like most trials...

PCI DSS
Updated: 5/8/2022
What Are the Service Provider Levels
In this blog, we turn our attention to service providers. The PCI Security Standards Council defines a service provider as a ‘business entity that is not a payment brand, directly involved in the...

PCI DSS
Updated: 5/8/2022
What Are the Merchant Levels
We are often asked, both by those new to PCI DSS and those who have been involved for a while, what is the difference between a merchant and a service provider, what are the ‘levels’ and what do...

PCI DSS
Updated: 5/8/2022
PCI DSS compliance as BAU (business as usual)
For an organisation to achieve and maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS), the Payment Card Industry Security Standards Council (PCI SSC) encourages...

PCI DSS
Updated: 5/8/2022
Can I Store Cardholder Data?
In this article, we aim to clarify what requirements the Payment Card Industry Data Security Standard (PCI DSS) places around the protection of cardholder data (CHD) and, in particular, sensitive...

PCI DSS
Updated: 5/8/2022
How can URM help you to achieve PCI compliance and what is our approach?
In our previous blog, we looked at where your PCI compliance journey starts. The first step is understanding the flow of your payment card data – by that we mean where payment card information...

PCI DSS
Updated: 5/8/2022
PCI DSS – The Payment Card Data Security Standard – What is it?
Often referred to as the PCI DSS or quite simply PCI, the Standard was developed by the founding payment brands of the PCI Security Standards Council (SSC), including MasterCard Worldwide, Visa...

PCI DSS
Updated: 5/8/2022
PCI DSS Reduction and Assessment
The Payment Card Industry Security Standards Council (PCI SSC) defines scoping as “the process of identifying all system components, people, and processes to be included in a PCI DSS assessment to...

PCI DSS
Updated: 4/8/2022
PCI DSS Remediation and Implementation
PCI remediation is an essential activity for any organisation wishing to fully comply with the applicable 12 technical and operational control requirements of the PCI DSS. Whilst many PCI remediation

PCI DSS
Updated: 4/8/2022
PCI DSS Gap Analysis
URM’s PCI DSS gap analysis service is aimed at those organisations which are looking to benchmark their current corporate information security practices (relating to payment card data) against...
How can URM help?
Consultancy
Are you looking for a PCI QSA?
As a long-established PCI QSA, URM is able to deliver a full PCI QSA-led audit and produce a report on compliance (RoC) as well as deliver a full QSA-led self-assessment questionnaire (SAQ)
Consultancy
Are you looking for help preparing for a PCI DSS assessment?
As a PCI QSA, URM can assist you with a range of services, including conducting gap analyses, helping you reduce your CDE scope, conducting penetration tests an
Consultancy
Do you need support in meeting your annual PCI DSS penetration testing requirements?
As a CREST-accredited penetration testing organisation, URM can complete internal and external penetration tests
"Moving from our existing Pen Testers after 10 years was a difficult decision but I am really glad we did. It's been a pleasure working with you. The Pen Testing was extremely thorough and as hoped you were open to a collaborative deeper delve, far beyond what we were required to do for PCI DSS, which has been very useful."
Payment Service Provider