Certification

The PCI DSS (Payment Card Industry Data Security Standard) is a fundamental standard for ensuring the security of payment card data.
Compliance with this standard is an essential requirement for all businesses handling electronic payments.
What is the PCI DSS Standard?
The Payment Card Industry – Data Security Standard (PCI DSS) is a globally recognized security framework that applies to any entity that stores, processes, or transmits credit or debit card numbers (Primary Account Number – PAN).
Developed by the Payment Card Industry Security Standards Council (PCI SSC), founded by major payment brands like VISA, MasterCard, American Express, JCB, and Discover, this standard sets a minimum security benchmark to protect cardholder data.
The main goal of PCI DSS is to ensure the confidentiality, integrity, and availability of sensitive payment card data, preventing unauthorized access, tampering, or destruction.

Our approach to PCI DSS
At GERICO Security, our Qualified Security Assessors (QSA) provide expert support in navigating the PCI DSS assessment process, ensuring businesses meet payment security requirements efficiently and effectively.
How We Support Your PCI DSS Compliance
Scope Definition & Assessment
- Identifying and confirming the scope of the PCI DSS evaluation.
- Conducting a thorough PCI DSS compliance evaluation, testing security controls against each requirement.
- Preparing and submitting the appropriate compliance reports, including:
  - Self-Assessment Questionnaire (SAQ)
  - Report on Compliance (ROC)
  - Compensating Controls documentation (if applicable)
- Completing the Attestation of Compliance for merchants and service providers, as required by PCI SSC guidelines.
- Submitting the SAQ, ROC, and AOC, along with any required supporting documents (e.g., Approved Scanning Vendor (ASV) scan reports), to the appropriate entities:
  - Acquirers (for merchants)
  - Payment brands or other requesting entities (for service providers)
- If necessary, assisting with remediation efforts to address non-compliant areas and providing an updated compliance report.
What We Offer
At GERICO Security, our Qualified Security Assessors (QSA) provide expert guidance and hands-on support for businesses navigating PCI DSS compliance.
Our PCI DSS Services
Scope Definition & Reduction
- Defining the payment card data environment
- Advising on segmentation strategies to reduce PCI DSS scope
Documentation & Compliance Support
- Assisting in the development of PCI DSS-required documentation
- Ensuring all policies and procedures meet compliance standards
Technical Implementation
- Collaborating with top-tier technology partners to implement required PCI DSS security measures
Validation & Certification
- Conducting assessment and verification of PCI DSS compliance
- Completing Self-Assessment Questionnaires (SAQ), signed off by a QSA
GERICO Security – A Certified QSA Company
As a QSA Company, recognized by the PCI Security Standards Council, GERICO Security is fully accredited to conduct:
- Level 1 Audits – Report on Compliance (RoC) and Attestation of Compliance (AoC)
- Level 2 Audits – SAQ completion with QSA-signed AoC
- ASV Scanning – In compliance with Requirement 11.2.2
Specialized PCI DSS Training Courses
For All Staff
- Introduction to PCI DSS – 2 hours
For Information Security Personnel
- Advanced PCI DSS Training – 8 to 16 hours