PCI DSS

At BOTECH, we promote compliance with the PCI Data Security Standard (PCI DSS) to help our customers

What is PCI DSS?

The PCI DSS (Payment Card Industry Data Security Standard) regulation is a security standard that aims to reduce credit card fraud and increase data security in online transactions.

This standard, developed by the principal credit card companies (VISA, MasterCard, Discover, JCB, and AMEX), summarizes the measures necessary to guarantee data protection and the security of online transactions. It applies no matter what your organization's activity is: if you process, store, or transmit card data, you must comply with the standard or risk losing your permission to process cards, facing rigorous audits, or being penalized with heavy fines.

You can check that BOTECH is a QSA company certified by the Council.

1. Ensure the data protection and security in online economic transactions.

2. Minimize fraud while avoiding serious penalties for non-compliance with the PCI DSS.

3. Transmit trust and security to the consumers in establishments or associated organizations.

4. Support the organizations in implementing the good security practices outlined in the standard.

PCI Box

PCI DSS compliance is complicated and costly, but necessary to protect the user, safeguard the transaction and establish a mark of quality. To offer the highest quality in our service, we have created PCI Box, a set of technologies and services developed by the company’s experts, drawing on our extensive experience in fraud issues over the last 15 years to facilitate compliance with the regulations.

PCI Box consists of:

  • Portal for evidence management, quarterly vulnerability scans (ASV) and completion of the self-assessment questionnaire (SAQ).
  • PCI DSS awareness program through BOTECH Academy, the company’s corporate training and awareness area.

Success story

Alisys trusts BOTECH to comply with PCI DSS regulations.

What does GAP PCI mean?

The business must hire a QSA (PCI DSS Certification Authority) to perform a PCI compliance analysis based on the applicable controls, depending on the payment method, infrastructure, processes, and business operations.

What does SAQ (Self Assessment Questionnaire) mean?

The business can obtain its certification through an evaluation questionnaire, which, according to the operation and mode of transactions, will define the SAQ that best applies to it. The SAQ is done once a year, but the vulnerability scanning must be approved quarterly.

How long does the PCI certification last?

It must be completed annually, as well as the audit, but it is recommended to obtain approved reports quarterly.

Why do you need to comply with PCI?

Due to the current regulations on the obligations, time limits, and level of certification, businesses must comply with a PCI DSS standard system.

What does PCI auditing mean?

It means that the QSA Certification Authority must assess the business and validate its compliance with the PCI standard. A GAP analysis (GAP) can be performed beforehand to determine the compliance status and the controls that apply to it.

Is it valid for all brands?

The PCI DSS certification is internationally valid and is supported by all brands: Visa, MasterCard, JCB, Discover, and American Express.

Methodology

Our methodology complies strictly with the lines established by the PCI. We work with the customer to achieve the expected goals and to conduct the assessment. The evaluation is carried out through the following steps:

1. Initial training course

The goal is to address issues of general concepts, key compliance points, and to raise awareness within the organization.

2. Expert advice

Interviews will be conducted, and the documentation needed to establish and record the active processes and providers involved will be reviewed; these determine the scope of the PCI DSS.

3. Free GAP analysis

We conduct a free GAP analysis for new customers by gathering information to analyze all the existing security processes and determine the level of organizational compliance.

4. Accompaniment and advice

Monthly visits by a QSA consultant provide support and advice throughout the implementation process.

5. On-site audit

We retrieve the information needed to determine the PCI DSS compliance. The assessment will be recorded in the final ROC report (Report on Compliance) and AOC (Attestation of Compliance).

6. Final Review

The final phase prepares the PCI DSS compliance status documentation and the subsequent preparation of the ROC and AOC.

Testimonials

“Transmitting confidence and security to our customers is a maxim for us and in BOTECH we have found the perfect ally to achieve it. It is the perfect partner to comply with PCI DSS regulations in an agile and simple way. A compliance that allows us to guarantee data protection and security in our online economic transactions”.

Jeannine D’Enjoy,
Project Consultant at SILICE

“I very much appreciate your support in getting us PCI certified. We will be in contact for renewal every year. It was a pleasure working with you.”

Andrés Chávez,
President at Transportes Cruzados (grupo SEPCE) México

“BOTECH is the perfect partner. Their market knowledge and professionalism make it very easy to work together to comply with PCI DSS regulations and protect our customers’ data.”

José Manuel Fernández,
Vice President at Radioteléfono Taxi Madrid


Botech Certifiers QSA (Qualified Security Assessor) and QPA (Qualified PIN Assessor)

Do you need to comply with PCI DSS but you don't know how to do it?

  • If your organization transmits, processes, or stores payment card data, you must comply with PCI DSS.
  • Transmit confidence and security to your customers.
  • We certify in Europe and Latin America.
  • Ask us, and our team of experts will answer any questions that you may have.
  • Send us an email to info@botechfpi.com or fill in the following contact form