The Payment Card Industry Data Security Standard (PCI DSS) Compliance

Rarely does a day go by without news of another breach of personal information. These breaches are certainly not industry-specific, and they range from large-scale retailers to financial institutions to healthcare organizations. As a result, credit card issuers are aggressively enforcing PCI DSS compliance to safeguard cardholder information and prevent losses, so you need an experienced partner with a proven process and track record of success.

PCI Compliance Support

Our PCI assessments help businesses achieve and maintain PCI compliance in accordance with the PCI SSC’s and Card Brands’ annual required audits. Following best-practice guidelines, FoxPointe’s PCI compliance assessments are conducted by experts with in-depth experience in market and compliance requirements, and supported by intelligence derived from our IT Risk Management team, a recognized leader in IT risk management services across all verticals and industries.


Expertise to help you succeed.

Partnering with The Bonadio Group, an authorized Qualified Security Assessor (QSA) Firm, FoxPointe Consultants can help guide you through the entire PCI compliance process. All FoxPointe engagements are led by a PCI QSA, who will work with you to provide leading expertise on the best approach to achieving PCI DSS compliance certification.

The New PCI DSS v4.0 Requirements

There are sixty-four (64) new and evolving requirements introduced as part of PCI DSS v4.0. Additionally, there were many changes to the framework's structure, format, numbering, and wording that are not considered new and evolving but do represent changes. Of the 64 new requirements, many will be applicable even for organizations that previously had a reduced scope. For example, the SAQ A under 4.0 now requires external vulnerability scanning, and Requirements 6.4.3 and 11.6.1 necessitate additional security measures on e-commerce payment pages. Many of these new requirements are challenging to understand, even for experienced GRC professionals and technical Subject Matter Experts (SMEs). Our PCI QSAs have been fully trained in PCI DSS 4.0 and have been performing gap assessments for numerous clients since its release. What we have observed so far is a significant learning curve in getting everyone on the same page about what the new requirements are asking for and what types of evidence need to be provided. Working directly with a QSA helps alleviate some of the barriers created by the new language, ensuring both sides are in alignment.

Challenge: Understanding and interpreting the 64 new requirements is difficult.
Benefit: Working with a QSA, such as FoxPointe Solutions, is beneficial because our assessors are immersed in the PCI DSS every day and work closely with client teams to be a liaison between the framework and subject matter experts.


PCI Compliance Consulting Services

Partnering with The Bonadio Group, a QSA firm, we provide a variety of PCI DSS risk assessment services to satisfy the needs and requirements of your customers and clients. Assessment types include:

Our experts work with clients to ensure that they become PCI compliant and maintain compliance throughout the PCI lifecycle.

Hear What Our Clients Have to Say

“We were in need of a security officer who would understand our complex needs, help us troubleshoot and address areas of organizational risk in the technological arena, and instill the confidence that our systems and information were as secure as possible. The improvements in our security and the mitigation of risk were immediately appreciated. Carl is an excellent partner, always honest and transparent regarding areas in need of improvement, and provides essential professional guidance to ensure compliance with all regulatory requirements.

I highly recommend FoxPointe for other organizations that want to ensure compliance and security with their Information Technology systems.”

Cindy Lee
CEO, OLV Human Services