
Payment Card Industry (PCI) compliance services

Maintain compliance and mitigate risk with PCI compliance services, including gap, vulnerability, RoC and quarterly review assessments.

Any organization that accepts cards as a form of payment or provides services to merchants in the areas of transmission, storage or processing of credit card data must comply with the standards of the Payment Card Industry (PCI) Security Standards Council. Noncompliance can have damaging effects, such as fines, higher transaction fees, loss of banking relationships and reputational harm in the wake of data breaches. Though they may be aware of the obligation, many organizations may not know their current PCI status or may not understand how best to implement a PCI program and remain in compliance.

RSM’s PCI compliance services address all aspects of PCI, including:

PCI Approved Scanning Vendor (ASV) vulnerability assessment. ASV vulnerability assessments identify known network, operating system, web application and server exploits and vulnerabilities with the use of automated tools in accordance with PCI Data Security Standards requirements. Without knowing what vulnerabilities are present, it is impossible to remediate or mitigate them. Our assessment brings an organization’s knowledge of its vulnerabilities from unknown to known. RSM is a certified PCI ASV authorized to perform these assessments.

PCI-compliant penetration testing. This testing determines whether vulnerabilities in internet-facing and internal applications and systems jeopardize cardholder data security.

PCI gap assessment. A gap assessment helps you determine your readiness for an on-site Report on Compliance (RoC) assessment by identifying key areas of weakness and noncompliance. The project results in the steps needed to achieve compliance and an understanding of how to maintain compliance with evolving security compliance obligations.

PCI Report on Compliance and Attestation of Compliance (RoC/AoC). PCI compliance is a contractual requirement for organizations that accept payment by credit card. Level 1 merchants are required to submit a PCI RoC/AoC to verify whether required policies, procedures and controls are in place. The RoC/AoC must be completed by a Qualified Security Assessor (QSA) on an annual basis to verify compliance with relevant controls. RSM’s consultants are QSA certified and can complete the RoC/AoC for clients.

PCI service provider quarterly review. Starting in 2018, PCI service providers must conduct quarterly reviews to confirm personnel are following security policies and operational procedures. This RSM service enables providers to establish a process to meet the quarterly requirement. RSM’s QSAs work with you to confirm that your compliance efforts are supported throughout the organization. The review also identifies where you need to take corrective measures.

Recommended Insights

CASE STUDY

PCI proves large ROI on security investment

RSM builds a repeatable PCI program for a hospitality organization, saving them at least $1.2 million in penalties.

  • March 01, 2018

CASE STUDY

PCI gap and business process flow

RSM provides a remediation strategy for a large, multinational corporation by identifying control gaps related to PCI compliance.

  • March 01, 2018

INSIGHT ARTICLE

PCI DSS version 3.2: How will it impact your organization?

Learn how new PCI DSS guidelines reflect emerging threats and new technologies, and how changes may affect your business processes.

  • November 14, 2016

WHITE PAPER

PCI security standards: A high-level overview

Learn about the most recent PCI standards, and how to understand which guidelines are applicable for merchants and financial institutions.

  • Joel Dubin
  • October 27, 2016
