Overview 

PCI DSS (Payment Card Industry Data Security Standard) is the baseline standard mandated by the government to achieve cardholder data security. Every card payment industry must adhere to PCI DSS compliance to safeguard them from data theft and security breaches. Being a PCI QSA (Payment Card Industry Qualified Security Assessor) company, ValueMentor is qualified by the PCI Security Standards Council to validate the adherence of a service provider or merchant, who has a contractual obligation to comply with PCI DSS requirements. 

 

The Client 

The client is a pioneer in providing Managed Hosting and Cloud Infrastructure services across the Gulf region. With their established Managed Services Portfolio and the large customer base, the client offers cost-effective solutions with better security and improved reliability. 

 

Requirements 

As a cloud service provider, the client was obliged to adhere with the PCI DSS Compliance requirements, so that its customers can process payment card data safely. The client was looking for a trusted security partner who would help them effectively attain PCI DSS Compliance and reduce risk. 

 

Challenges 

The major challenges confronted during the project are listed below: 

1. The client faced difficulty in identifying the services needed to be included in the scope of PCI DSS. 
2. The underlying infrastructure of the private cloud used by the client had reached the end of support stage and the upgradation process was delayed due to technical constraints. 
3. Creating a responsibility matrix for PCI Compliance between the client and their customer. 

 

Strategy 

Being a QSA Company, ValueMentor helped the client to assess and evaluate all the PCI controls ensuring that the services offered are PCI compliant. 

1. The Cardholder data and cardholder data environment were critically evaluated for the scoping process. We identified as well as listed the services which had to be made PCI compliant. 
2. We identified the possible compensating controls which could provide a similar level of defense as the original PCI DSS requirement, to ensure that the high priority systems and devices are protected from zero-day attacks. 
3. We developed the responsibility matrix describing the responsibilities of the client and their end-customers, increasing transparency. 

 

Final Results 

ValueMentor is pleased to know that the project has enabled the client to deliver a certified payment processing environment, thus reassuring their customers about security.  

The PCI DSS Compliance services provided by ValueMentor helped the client, 

• Decrease risk of security breaches 
• Increase customer confidence 
• Meet global standards 
• Maintain strong brand identity 

The successfully completed the PCI DSS Certification and offers better transparency in terms of its compliance. 

  

Conclusion 

With prominent cybercrimes becoming a regular occurrence, it has become imperative for every organization to adopt a trusted security partner and assess their security posture regularly. PCI DSS Compliance encourages better security of the cardholder data and also avoids the massive costs associated with major breaches. 

 

ValueMentor 

ValueMentor is a pure–play information security services and consulting company. We are specialists in delivering Security Consulting Services to organizations across the globe and pioneers in Information Security Audit Services, Information Security Consulting Services and Managed Services.