PCI DSS

In this blog, we address one of the big questions facing organisations which accept payment cards and are looking to comply with the PCI DSS. Should we outsource the storing, processing and...

In recent blogs, we have focused on how best to ensure you comply with the PCI Data Security Standard. However, this week we will look at what the benefits are of achieving and maintaining compliance…

While it’s one of the areas that IT and security departments find challenging, documentation (and compliant evidence) is what makes for a happy and satisfied PCI Qualified Security Assessor (QSA)...

As a Payment Card Industry Qualified Security Assessor (PCI QSA) company, we are often asked by organisations which process card payments what are main pitfalls to avoid in complying with...

There’s no getting away from the fact that preparing for a PCI DSS ROC can be a bit of a trial, and particularly for those who are experiencing their first visit from a QSA. Like most trials...

We are often asked, both by those new to PCI DSS and those who have been involved for a while, what is the difference between a merchant and a service provider, what are the ‘levels’ and what do...

For an organisation to achieve and maintain compliance to the Payment Card Industry Data Security Standard (PCI DSS), the Payment Card Industry Security Standard Council (PCI SSC) encourages...

In this article, we aim to clarify what requirements the Payment Card Industry Data Security Standard (PCI DSS) places around the protection of cardholder data (CHD) and, in particular, sensitive...

In our previous blog, we looked at where your PCI compliance journey starts. The first step is understanding the flow of your payment card data – by that we mean where payment card information...

Often referred to as the PCI DSS or quite simply PCI, the Standard was developed by the founding payment brands of the PCI Security Standards Council (SSC), including MasterCard Worldwide, Visa...

The Payment Card Industry Security Standards Council (PCI SSC) defines scoping as “the process of identifying all system components, people, and processes to be included in a PCI DSS assessment to...

PCI remediation is an essential activity for any organisation wishing to fully comply with the applicable 12 technical and operational control requirements of the PCI DSS. Whilst many PCI remediation

URM’s PCI DSS gap analysis service is aimed at those organisations which are looking to benchmark their current corporate information security practices (relating to payment card data) against...