From BOTECH, together with our partner 1st Secure IT, a global reference in PCI-DSS certifications for more than a decade in the US and Latin America, we promote compliance with the PCI Data Security Standard (PCI DSS) to help our customers to:
Ensure data protection and security in online transactions.
Minimize fraud while avoiding serious penalties for non-compliance with PCI DSS.
Convey trust and security to the consumers of merchants and associated organizations.
Support organizations in implementing the security best practices set out in the standard.
What is PCI DSS?
PCI DSS (Payment Card Industry Data Security Standard) is a security standard that aims to reduce credit card fraud and increase data security in online transactions.
This standard, developed by the principal credit card companies (VISA, MasterCard, Discover, JCB, and AMEX), summarizes the measures necessary to guarantee the protection and security of data in online transactions. Whatever your organization's line of business, if you process, store, or transmit card data, you must comply with the standard or risk losing your permission to process cards, facing rigorous audits, or being penalized with heavy fines.
Frequently Asked Questions
Why do you need to comply with PCI?
If your organization processes, stores, or transmits card data, it must comply with the standard or risk losing its permission to process cards, facing rigorous audits, or being penalized with heavy fines.
What does PCI auditing mean?
It means that a QSA (Qualified Security Assessor), the PCI certification authority, must assess the business or organization and validate its compliance with the PCI standard. A GAP Analysis can be performed beforehand to review all existing security processes and determine which controls apply to you.
What does GAP PCI mean?
It means the business hires a QSA (PCI DSS certification authority) to perform a PCI compliance analysis of the applicable controls, which depend on the payment method, infrastructure, processes, and business operations.
What is a SAQ?
It is a Self-Assessment Questionnaire that allows the customer to obtain its certification according to how it operates and transacts. The SAQ is completed once a year, but vulnerability scans must pass quarterly.
How long does the PCI certification last?
Certification must be renewed annually, as must the audit, but it is recommended to obtain passing reports quarterly.
Is it valid for all brands?
The PCI DSS certification is internationally valid and is supported by all brands: Visa, MasterCard, JCB, Discover, and American Express.
The assessment is carried out through the following steps:
1. Initial Training Course
During this phase, general concepts and the key points for compliance are covered, and awareness is promoted within the organization.
2. Expert advice
Interviews are conducted and the necessary documentation is reviewed to establish and record the active processes and the suppliers involved, which together determine the PCI DSS scope.
3. Free GAP Analysis
A free GAP Analysis for new clients: information is collected to analyze all existing security processes and determine the organization's level of compliance.
4. Accompaniment and advice
A QSA consultant conducts monthly visits to provide ongoing advice throughout the implementation process.
We gather information to determine the organization's compliance with PCI DSS. The evaluation is included in the final reports: the ROC (Report on Compliance) and the AOC (Attestation of Compliance).
6. Final revision
The PCI DSS compliance status is documented, followed by the preparation of the ROC and AOC reports.