Payment Card Industry Data Security Standard (PCI DSS)

The payment security environment is continually challenged by new threats.

We work in collaboration with clients and their suppliers to provide a robust and independent assessment to protect against potential risks, including annual Payment Card Industry Data Security Standard (PCI DSS) Audits.

Any organisation that stores, processes, transmits, or could affect the security of payment card data needs to make sure it keeps that data safe. Payment Card Industry Data Security Standard (PCI DSS) sets out 12 requirements, each made up of multiple controls, that organisations should implement to make sure they have appropriate cyber security in place to protect customer data. 

PCI DSS version 4.01 is now mandatory for all merchants and service providers that need to comply with PCI DSS. Our team of experienced QSAs can help you gain or maintain your compliance status.

Expert Qualified Security Assessors (QSAs)

Our team of experienced QSAs helps a wide range of global and UK-based organisations to achieve and maintain PCI DSS compliance. Our clients include household-name retailers, energy companies and insurers as well as smaller organisations.

Through our trusted advisor approach, many of our clients have been with us for more than five years. Talan's team is led by Mark Railton, who has over 15 years' experience of implementing PCI DSS for organisations in Tier One to Tier Four, from Version 1.0 to the current 4.01 version of PCI DSS.


Meet our Experts

Mark Railton, Practice Lead - Cyber Security & Privacy Team
Aparna Murali, Information Security Principal Consultant

PCI DSS Requirements

Requirement 1

Install and Maintain Network Security Controls 

This control requires you to install and maintain a firewall and to test it thoroughly, including testing network connections and ensuring that connections to untrusted networks are restricted. You may also need to implement other controls depending on the risks associated with your processing. We will check that your firewall meets the requirements and secures the data.

Requirement 2

Apply Secure Configurations to All System Components 

You will need to change any vendor-supplied default passwords and security settings, including ensuring that any unnecessary services are disabled and unnecessary functionality is removed. We will check that your system configurations comply with the standard.

Requirement 3

Protect Stored Account Data 

You will need to protect any cardholder data you store, including erasing it when it is no longer needed and limiting what you store to only what is necessary. You may also need to implement other controls based on the risks associated with your processing activities. We will check that your data protections meet the requirements.

Requirement 4

Protect Cardholder Data with Strong Cryptography During Transmission 

You will need to ensure that cardholder data is protected when it is transmitted over public networks such as via email and online chat systems. We will check that your staff do not share unprotected data via these kinds of channels.

Requirement 5

Protect All Systems and Networks from Malicious Software 

You will need to install and regularly update anti-virus software, including performing and documenting regular system scans. We will check that your anti-virus is appropriate, up to date and that it is being used and maintained appropriately.

Requirement 6

Develop and Maintain Secure Systems and Software 

You will need to implement an information security management system (ISMS) to ensure your cyber security practices continuously improve. We will review your approach against our knowledge of best practices and the cyber threat environment to ensure it is fit for purpose.

Requirement 7

Restrict Access to System Components and Cardholder Data by Business Need to Know

You will need to ensure that access permissions are appropriate, including implementing a suitable approach to role-based access controls and user privileges. We will review your approach and ensure it meets the requirements.

Requirement 8

Identify Users and Authenticate Access to System Components 

You will need to implement an information security management system (ISMS) to ensure your cyber security practices continuously improve. We will review your approach against our knowledge of best practices and the cyber threat environment to ensure it is fit for purpose.

Requirement 9

Restrict Physical Access to Cardholder Data 

You will need to ensure that access permissions are appropriate, including implementing a suitable approach to role-based access controls and user privileges. We will review your approach and ensure it meets the requirements.

Requirement 10

Log and Monitor All Access to System Components and Cardholder Data 

You will need to maintain appropriate records for audit purposes, such as event logs, together with processes to review those logs for suspicious activity. You may need other controls depending on the risks associated with your processing. We will ensure your approach meets the requirements.

Requirement 11

Test Security of Systems and Networks Regularly 

You will need to implement a test plan to ensure that controls are working as intended. This includes vulnerability scans, asset inventories and similar controls. We will ensure your test plan is appropriate to manage your risks.

Requirement 12

Support Information Security with Organisational Policies and Programs

You will need to write and maintain an information security policy that explains your organisation’s approach to information security and the roles and responsibilities assigned throughout your organisation. We will ensure your policy is appropriate and that your team members understand it and follow it.

Your annual PCI DSS assessment and becoming BAU

Step 1 - Get in Touch

Have a no obligation chat about your requirements and what our process would look like for you. We can then advise you of resources that are likely to be required to get you ready for your assessment.

Step 2 - A Remediation Plan

Your QSA will work with you to schedule a gap analysis to establish your current position and provide you with your remediation plan to get ready for your full assessment.

Step 3 - Getting ready for the Formal Assessment

Your QSA will support you as you work through your remediation plan, explaining the requirements as you decide how to tackle each item.

Step 4 - Formal Assessment

We expect you will have no difficulty achieving your attestation of compliance. Your attestation will be provided to you after your successful assessment.

Step 5 - Yearly Renewal

PCI DSS certification needs to be renewed every year. Your QSA will ensure that you are aware of any updates and will contact you in good time to make sure you are ready for your reassessment.


Let's Talk!

If you would like to know more about our work or would like to speak with one of our experts, please complete our contact us form and one of our Qualified Security Assessors will be in touch.
