From BOTECH, we promote compliance with the PCI Data Security Standard (PCI DSS) to help our customers.

What is PCI DSS?

PCI DSS, managed by the PCI Security Standards Council (PCI SSC), is a security standard that aims to reduce credit card fraud and increase the security of transaction data.

This regulation is the result of an effort to unify security programs implemented by VISA, MasterCard, Discover, JCB, and AMEX brands. Companies that process, store, or transmit card data must comply with the standard or risk losing their permission to process cards, face rigorous audits, or be penalized by heavy fines.


Ensure the data protection and security in online economic transactions


Minimize fraud while avoiding serious penalties for non-compliance with the PCI DSS.


Transmit trust and security to the consumers in establishments or associated organizations.


Support the organizations in implementing the good security practices outlined in the standard.


PCI DSS compliance is complicated and costly but necessary to protect the user, safeguard the transaction and establish a mark of quality. To offer the highest quality in our service, we have created PCI Box, a set of technologies and services created by the company’s experts, where we have used our extensive experience in fraud issues over the last 15 years to facilitate compliance with the regulations.

PCI Box consists of:

  • Portal for evidence management, quarterly vulnerability scans (ASV) and completion of the self-assessment questionnaire (SAQ).
  • ISOPH FIM: a cloud-based technology that continuously monitors files to see if they have undergone any unauthorized and unexpected changes. This file integrity scanner allows organizations to anticipate and foresee potential attacks and security breaches and is a prerequisite for PCI DSS compliance.
  • PCI DSS awareness program through BOTECH Academy, the company’s corporate training and awareness area.

Success case

Alisys relies on BOTECH for PCI DSS compliance.

What does GAP PCI mean?

The business must hire a QSA (PCI DSS Certification Authority) to perform a PCI compliance analysis based on the applicable controls, depending on the payment method, infrastructure, processes, and business operations.

Why do you need to comply with PCI?

If your organization processes, stores, or transmits card data, you must comply with the standard or risk losing their permission to process cards, facing rigorous audits, or be penalized with heavy fines.

What is a SAQ?

It is a Self-Assessment Questionnaire that allows the customer to obtain its certification according to the operation and mode of transacting. The SAQ is done once a year, but the vulnerability scanning must be approved quarterly.

What does PCI auditing mean?

It means that the QSA (Qualified Security Assessor) Certification Authority must assess the business or organization and validate its compliance with the PCI standard. A GAP Analysis can be performed beforehand to analyze all the existing security processes and determine which controls apply to you.

How long does the PCI certification last?

It must be completed annually, as well as the audit, but it is recommended to obtain approved reports quarterly.

Is it valid for all brands?

The PCI DSS certification is internationally valid and is supported by all brands: Visa, MasterCard, JCB, Discover, and American Express.


The evaluation method is effected through the following steps:

1. Initial training course

General concepts will be addressed during this phase, as well as key compliance points and the promotion of awareness within the organization.

2. Expert advice

Interviews will be conducted, and documentation will be reviewed that is needed to establish and record the active processes and providers involved that will determine the scope of the PCI DSS.

3. Free GAP analysis

We conduct a free GAP analysis for new customers by gathering information to analyze all the existing security processes and determine the level of organizational compliance.

4. Accompaniment and advice

A QSA consultant conducts monthly visits for ongoing advice throughout the implementation process.

5. On-site audit

We retrieve information to determine PCI DSS compliance. The assessment is recorded in the final ROC report (Report on Compliance) and AOC (Attestation of Compliance).

6. Final Review

The documentation is prepared regarding the PCI DSS compliance status and the subsequent preparation of the ROC and AOC.

Do you need to comply with the PCI DSS standard? Let's talk!

  • If your organization transmits, processes, or stores payment card data, you must comply with PCI DSS.
  • Transmit confidence and security to your customers.
  • We certify in Europe, the U.S.A., and Latin America.
  • Ask us, and our team of experts will answer any questions that you may have.

Send us an email to info@botechfpi.com or fill in the following contact form.