At BOTECH we promote compliance with the PCI Data Security Standard (PCI DSS) to help our customers.
Is this the first time you are getting certified? Or do you already know the PCI requirements and want to get recertified online?
BOTECH offers you the possibility to assess and certify your compliance with the requirements established by PCI DSS through a simple self-assessment questionnaire.
Ensure data protection and security in online payment transactions.
Minimize fraud while avoiding serious penalties for non-compliance with PCI DSS.
Convey trust and security to consumers in your establishments or associated organizations.
Support organizations in implementing the good security practices outlined in the standard.
What is PCI DSS?
PCI DSS (Payment Card Industry Data Security Standard) is an industry security standard, not a law, that aims to reduce payment card fraud and increase the security of cardholder data in card transactions, including online ones.
This standard, developed by the main card brands (Visa, MasterCard, Discover, JCB, and American Express) through the PCI Security Standards Council, defines the measures needed to protect cardholder data and secure card transactions. The activity of your organization does not matter: if you process, store, or transmit cardholder data, you must comply with the standard or risk losing your permission to process cards, facing rigorous audits, or being penalized with heavy fines.
Complying with PCI DSS is demanding and costly, but it is necessary to protect the user, safeguard the transaction, and build a trusted brand. To offer the highest quality of service, we have created PCI Box, a set of technologies and services built by the company's experts, drawing on our extensive experience in fraud over the last 15 years to make compliance with the standard easier.
PCI Box consists of:
- Portal for evidence management, quarterly vulnerability scans by an Approved Scanning Vendor (ASV), and completion of the Self-Assessment Questionnaire (SAQ).
- ISOPH FIM: a cloud-based file integrity monitoring technology that continuously monitors files and reports any unauthorized or unexpected change to them. Such a change-detection mechanism lets organizations detect tampering and security breaches early, and PCI DSS explicitly requires one (Requirement 11.5 in v3.2.1, Requirement 11.5.2 in v4.0).
- PCI DSS awareness program through Botech Academy, the company’s enterprise training and awareness area.
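To show what a file integrity monitor of the kind described above actually does, here is an added example written for this page; it is not ISOPH FIM or any other BOTECH code. It hashes every regular file under a directory, stores the baseline together with an HMAC so that an attacker who edits the stored baseline is also caught, and reports files that were added, removed, or changed in content or permission bits. The directory layout, file names, and signing key in the demo are constructed for illustration.

```python
"""Minimal file-integrity monitor: hash a tree, keep a signed baseline, report drift."""
import hashlib
import hmac
import json
import os
import stat
import tempfile
from pathlib import Path

CHUNK = 64 * 1024


def fingerprint(path: Path) -> dict:
    """Content hash plus permission bits. mtime is deliberately not recorded
    because an attacker can reset it with touch(1); the hash cannot be faked."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            h.update(chunk)
    st = path.lstat()
    return {"sha256": h.hexdigest(), "mode": stat.S_IMODE(st.st_mode)}


def snapshot(root: Path) -> dict:
    """Map of relative POSIX path -> fingerprint for every regular file under root."""
    return {
        p.relative_to(root).as_posix(): fingerprint(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and not p.is_symlink()
    }


def sign_baseline(snap: dict, key: bytes) -> bytes:
    """Serialise the baseline and append an HMAC-SHA256 tag; the key must live
    with the monitoring service, not on the monitored host."""
    body = json.dumps(snap, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"\n" + tag


def verify_baseline(blob: bytes, key: bytes) -> dict:
    """Reject a baseline whose tag does not match before trusting its contents."""
    body, _, tag = blob.rpartition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("baseline tampered with or wrong key")
    return json.loads(body)


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Files added, removed, or changed in content or permissions since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
    }


def demo() -> dict:
    """Constructed scenario: baseline a small tree, tamper with it, re-scan."""
    key = b"held-by-the-monitoring-service"  # hypothetical key for the demo only
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "www").mkdir()
        conf = root / "etc" / "app.conf"
        conf.write_text("db_host=pay-db\n")
        os.chmod(conf, 0o640)
        (root / "etc" / "tls.pem").write_text("-----BEGIN CERTIFICATE-----\n")
        page = root / "www" / "checkout.php"
        page.write_text("<?php // checkout form\n")

        stored = sign_baseline(snapshot(root), key)

        # Simulated compromise: skimmer appended to the checkout page, config made
        # world-readable, a web shell dropped, and the TLS certificate deleted.
        page.write_text('<?php // checkout form\n// <script src="//evil.example/s.js"></script>\n')
        os.chmod(conf, 0o644)
        (root / "www" / "shell.php").write_text("<?php system($_GET['c']);\n")
        (root / "etc" / "tls.pem").unlink()

        return diff_snapshots(verify_baseline(stored, key), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a real deployment the baseline and its key are kept off the monitored host, the comparison runs at least weekly (the minimum PCI DSS sets for critical-file comparisons) and preferably continuously, and every reported difference is reconciled against the change-management record before the baseline is re-signed.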
Frequently Asked Questions
Why do you need to comply with PCI?
If your organization processes, stores, or transmits cardholder data, you must comply with the standard or risk losing your permission to process cards, facing rigorous audits, or being penalized with heavy fines.
What does a PCI GAP analysis mean?
The business hires a QSA (Qualified Security Assessor) to perform a PCI DSS compliance analysis against the applicable controls, which depend on the payment method, infrastructure, processes, and business operations.
What is a SAQ?
It is a Self-Assessment Questionnaire that allows the customer to obtain its certification according to how it operates and transacts. The SAQ is completed once a year, while the external vulnerability scans by an Approved Scanning Vendor (ASV) must pass every quarter.
What does PCI auditing mean?
It means that a QSA (Qualified Security Assessor) assesses the business or organization and validates its compliance with the PCI DSS standard. A GAP analysis can be performed beforehand to review all existing security processes and determine which controls apply to you.
How long does the PCI certification last?
Certification is renewed annually, as is the audit, and passing quarterly vulnerability scan reports must be maintained throughout the year.
Is it valid for all brands?
The PCI DSS certification is internationally valid and is supported by all brands: Visa, MasterCard, JCB, Discover, and American Express.
The assessment follows these steps:
1. Initial Training Course
This phase covers general concepts and the key points for compliance, and promotes awareness within the organization.
2. Expert advice
Interviews and review of the necessary documentation to identify and record the active processes and the suppliers involved, which together determine the PCI DSS scope.
3. Free GAP Analysis
For new clients, a free GAP analysis collects information to review all existing security processes and determine the organization's level of compliance.
4. Accompaniment and advice
A QSA consultant conducts monthly visits for ongoing advice throughout the implementation process.
5. Compliance assessment
We gather evidence to determine compliance with PCI DSS. The evaluation is documented in the final Report on Compliance (ROC) and Attestation of Compliance (AOC).
6. Final revision
The documentation of the PCI DSS compliance status is prepared, followed by the ROC and AOC.