CERTIFICATIONS

PCI DSS, PIN Security, and PCI 3DS certifications

At BOTECH, together with our partner 1st Secure IT, a global reference in PCI DSS certifications for more than a decade in the US and Latin America, we promote compliance with the PCI Data Security Standard (PCI DSS) to help our customers:

Ensure data protection and security in online financial transactions.

Minimize fraud while avoiding serious penalties for non-compliance with the PCI DSS.

Convey trust and security to consumers in establishments or associated organizations.

Support organizations in implementing the good security practices outlined in the standard.

What is PCI DSS?

The PCI DSS (Payment Card Industry Data Security Standard) regulation is a security standard that aims to reduce credit card fraud and increase data security in online transactions.

This standard, developed by the major credit card companies (VISA, MasterCard, Discover, JCB, and AMEX), summarizes the measures necessary to guarantee data protection and the security of online transactions. Whatever your organization's activity, if you process, store, or transmit card data, you must comply with the standard or risk losing your permission to process cards, facing rigorous audits, or being penalized with heavy fines.

Get trained to protect customer and business payment card data!
PCI ISA Certification (Internal Security Assessment), May 26 and 27 in Madrid.
The registration deadline is March 25. What are you waiting for?

Frequently Asked Questions

Why do you need to comply with PCI?

If your organization processes, stores, or transmits card data, you must comply with the standard or risk losing your permission to process cards, facing rigorous audits, or being penalized with heavy fines.

What does PCI auditing mean?

It means that the QSA (Qualified Security Assessor) Certification Authority must assess the business or organization and validate its compliance with the PCI standard. A GAP Analysis can be performed beforehand to analyze all the existing security processes and determine which controls apply to you.

What does GAP PCI mean?

The business must hire a QSA (PCI DSS Certification Authority) to perform a PCI compliance analysis based on the applicable controls, depending on the payment method, infrastructure, processes, and business operations.

What is a SAQ?

It is a Self-Assessment Questionnaire that allows the customer to obtain its certification according to the operation and mode of transacting. The SAQ is done once a year, but the vulnerability scanning must be approved quarterly.

How long does the PCI certification last?

It must be completed annually, as well as the audit, but it is recommended to obtain approved reports quarterly.

Is it valid for all brands?

The PCI DSS certification is internationally valid and is supported by all brands: Visa, MasterCard, JCB, Discover, and American Express.

Methodology

The evaluation method is performed through the following steps:

1. Initial Training Course

During this phase, general concepts and key points for compliance are addressed, and awareness within the organization is promoted.

2. Expert advice

We conduct interviews and review the necessary documentation to establish and record the active processes and the suppliers involved, which will determine the scope of PCI DSS.

3. Free GAP Analysis

A free GAP Analysis for new clients: we collect information to analyze all existing security processes and determine the organization's level of compliance.

4. Accompaniment and advice

A QSA consultant conducts monthly visits for ongoing advice throughout the implementation process.

5. Audit

We gather information to determine compliance with the PCI DSS. The evaluation is included in the final ROC (Report on Compliance) and AOC (Attestation of Compliance).

6. Final review

We prepare the documentation of the PCI DSS compliance status and, subsequently, the ROC and AOC reports.

Do you need to comply with the PCI DSS standard?

  • If your organization transmits, processes, or stores payment card data, you must comply with PCI DSS.
  • Convey confidence and security to your customers.
  • We certify in Spain, the U.S.A., and Latin America.
  • Ask us, and our team of experts will answer any questions.

Send us an email to info@botechfpi.com or fill out the following contact form