At BOTECH, we promote compliance with the PCI Data Security Standard (PCI DSS) to help our customers.

Is this the first time you are getting certified? Do you already know the PCI requirements and want to get recertified online?

BOTECH offers you the possibility of doing so through a simple assessment questionnaire, in compliance with the requirements established by PCI DSS.

    Ensure data protection and security in online economic transactions.

    Minimize fraud while avoiding serious penalties for non-compliance with the PCI DSS.

    Convey trust and security to consumers in establishments or associated organizations.

    Support the organizations in implementing the good security practices outlined in the standard.

    What is PCI DSS?

    The PCI DSS (Payment Card Industry Data Security Standard) regulation is a security standard that aims to reduce credit card fraud and increase data security in online transactions.

    This standard, developed by the principal credit card companies (VISA, MasterCard, Discover, JCB, and AMEX), summarizes the measures necessary to guarantee data protection and the security of online transactions. Whatever the activity of your organization, if you process, store, or transmit card data, you must comply with the standard or risk losing permission to process cards, facing rigorous audits, or being penalized with heavy fines.

    Alisys relies on BOTECH for PCI DSS compliance

    PCI Box

    Complying with PCI DSS is complicated and costly, but it is necessary to protect the user, safeguard the transaction and establish a quality brand. To offer the highest quality in our service, we have created PCI Box, a set of technologies and services built by the company’s experts, drawing on our extensive experience in fraud issues over the last 15 years to facilitate compliance with the regulations.

    PCI Box consists of:

    • Portal for evidence management, quarterly vulnerability scans (ASV) and completion of the self-assessment questionnaire (SAQ).
    • ISOPH FIM: a cloud-based technology that continuously monitors files and reports whether they have undergone any unauthorized and unexpected changes. This file integrity scanner allows organizations to anticipate and foresee potential attacks and security breaches and is a prerequisite for PCI DSS compliance.
    • PCI DSS awareness program through Botech Academy, the company’s enterprise training and awareness area.

    Frequently Asked Questions

    Why do you need to comply with PCI?

    If your organization processes, stores, or transmits card data, you must comply with the standard or risk losing permission to process cards, facing rigorous audits, or being penalized with heavy fines.

    What does GAP PCI mean?

    The business must hire a QSA (PCI DSS Certification Authority) to perform a PCI compliance analysis based on the applicable controls, depending on the payment method, infrastructure, processes, and business operations.

    What is a SAQ?

    It is a Self-Assessment Questionnaire that allows the customer to obtain its certification according to the operation and mode of transacting. The SAQ is done once a year, but the vulnerability scanning must be approved quarterly.

    What does PCI auditing mean?

    It means that the QSA (Qualified Security Assessor) Certification Authority must assess the business or organization and validate its compliance with the PCI standard. A GAP Analysis can be performed beforehand to analyze all the existing security processes and determine which controls apply to you.

    How long does the PCI certification last?

    It must be completed annually, as well as the audit, but it is recommended to obtain approved reports quarterly.

    Is it valid for all brands?

    The PCI DSS certification is internationally valid and is supported by all brands: Visa, MasterCard, JCB, Discover, and American Express.

    Did you know that File Integrity Monitoring is a must in order to comply with PCI DSS?


    The evaluation method is performed through the following steps:

    1. Initial Training Course

    During this phase, general concepts and key points for compliance are addressed, and awareness within the organization is promoted.

    2. Expert advice

    Conducting interviews and reviewing the necessary documentation to establish and record the active processes and the suppliers involved that will determine the scope of PCI DSS.

    3. Free GAP Analysis

    Free GAP Analysis for new clients, by collecting information, in order to analyze all existing security processes and determine the level of compliance of the organization.

    4. Accompaniment and advice

    A QSA consultant conducts monthly visits for ongoing advice throughout the implementation process.

    5. Auditing

    We retrieve information to determine compliance with the PCI DSS. The evaluation is included in the final ROC (Report on Compliance) and AOC (Attestation of Compliance) reports.

    6. Final revision

    Preparation of the documentation of the PCI DSS compliance status and subsequent preparation of the ROC and AOC reports.

    Do you need to comply with the PCI DSS standard?

    • If your organization transmits, processes or stores payment card data you must comply with PCI DSS.
    • Transmit confidence and security to your customers.
    • We certify in Europe and Latin America.
    • Ask us and our team of experts will answer any questions.

    Send us an email at info@botechfpi.com.
