PCI DSS Level 1 Compliance Project for a Payment Services Company
If your business handles card payments online, PCI DSS compliance is a significant consideration that you cannot afford to sidestep. The standard's requirements ensure that every enterprise handling credit card information maintains a secure environment.
What is PCI DSS Level 1?
PCI DSS Level 1 compliance refers to the set of requirements ensuring that enterprises handling credit card information maintain information security to the highest grade. Under the standard, a merchant processing over 6 million Visa transactions per year must meet the Level 1 requirements to minimize risk to the system. PCI QSA companies help organizations validate their compliance. ValueMentor's PCI SSC certified assessors in Egypt use their skills and knowledge to audit payment card processing environments in line with PCI DSS requirements.
Here is a case study of a PCI DSS Level 1 compliance project performed by ValueMentor for a well-known payment services company in Egypt.
About the Client
The client is a well-known and established firm offering financial and payment services to consumers and businesses in Egypt. Its nationwide electronic payment network provides payment services for merchants and delivers a seamless omni-channel experience in a convenient and secure way. Security is their priority, and that is what prompted the engagement; we were ready to meet all of their security requirements.
The client's requirements for the engagement were to:
- Perform a Gap Assessment to define the scope of PCI Compliance
- Provide an Action Plan to achieve PCI DSS Compliance
- Assist in remediation by providing advisory services
- Perform Technical Assessments
- Perform the QSA Audit
- Prepare the Report on Compliance (ROC) and perform the QA
- Issue the Attestation of Compliance (AOC) & a Certificate based on the AOC
Challenges
- One major challenge in the engagement was aligning the differing views held across various tiers of management. Our team offered an initial consultation with top-tier management to align their goals and objectives.
- Another challenge was delivering a tailored compliance approach within a controlled timeline. Our team planned for this from the start, transforming the standard deliverables into tailored ones within the agreed timelines.
Our Approach
- Defined the complete PCI environment scope
- Conducted an awareness session for project stakeholders
- Assessed the current state of cardholder data flow through the network, devices, applications, databases, and other storage media
- Identified gaps and prepared a remediation plan
- Provided advisory support for the closure of identified gaps
- Provided security awareness training for the personnel in scope
- Provided advisory for remediation activities
- Performed first quarter assessments as a part of PCI technical assessments
- Performed QSA revalidation of the scope after client personnel completed remediation
- Prepared the Report on Compliance (ROC)
- Issued Attestation of Compliance (AOC) & a Certificate based on the AOC
The following were the deliverables across the various phases of the engagement: Project Initiation, Gap Assessment, Remediation Plan & Support, and Final Audit & Certification.
- Project Plan & signed NDA
- Final Scope Document
- PCI DSS Initial Gap Assessment Report
- Remediation Roadmap with Recommendations
- Quarterly ASV Scan and Re-scan Reports
- Remediation support via email and telephone
- Advisory support and assistance to meet the PCI DSS requirements
- Report on Compliance (ROC)
- Attestation of Compliance (AOC)
- Certificate of Compliance (COC)
Our team successfully completed the compliance project within the specified timeline. The client was awarded an Attestation of Compliance and a Certificate of Compliance upon meeting all the Level 1 requirements of PCI DSS. Ongoing support for the remaining quarterly and annual assessments will follow as part of a 3-year project commitment.
Achieving and maintaining PCI DSS Level 1 compliance brings a wide array of benefits to your business.
- Reduces fraud risk and prevents compromises
- Prevents fines resulting from security compromises
- Automatic rectification of issues related to coding and configuration
- Robust security infrastructure, with annual penetration tests and vulnerability scans
- A PCI DSS Level 1 hosting platform that specifically meets all 12 PCI DSS requirements
- Better rates from banks as a PCI-compliant merchant
- A guaranteed secure PCI environment