Helping you comply with the payment card industry data security standard

Organizations that accept credit or debit cards as payment must comply with Payment Card Industry (PCI) Security Standards Council (SSC) requirements. Noncompliance carries numerous risks, including fines, higher transaction fees, reputational harm, and a loss of banking relationships.

Ensuring compliance can be complex and daunting. RSM’s PCI services, such as Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV), Secure Software Framework (SSF), and Qualified PIN Assessor (QPA), help businesses achieve and maintain compliance through a variety of methods.

Does PCI compliance apply to my organization?

Any business that stores, processes, accesses, or transmits payment cards or payment card data as a merchant or service provider is required to comply with PCI standards. Compliance significantly reduces the risk of consumers’ CHD being compromised by cyberattacks.

Getting started

Navigating the array of requirements for compliance with PCI standards can be difficult and daunting. Our dedicated team can help ensure your business has a plan to achieve and maintain consistent PCI compliance.

The RSM approach

RSM’s PCI services are multifaceted, but we always begin by asking you to describe the changes you believe your company needs and the most efficient approach to making them. Our team begins the process with a thorough analysis of your current business and technical account data processes against the applicable PCI standard and then develops recommendations for improvements.

Our key PCI services include the following:

We perform this assessment following the PCI DSS to independently determine your ability to protect account data. Level 1 merchants (those with 6 million transactions or more per year) must submit a PCI ROC and Attestation of Compliance (AoC) completed by a QSA annually to their acquiring bank and card brands.

While these services are all available individually, many of our clients utilize multiple services to ensure they meet or exceed minimum compliance requirements.

Featured solution

Penetration testing

Identify how attackers will exploit your company’s weaknesses with PenTesting services.

Recent insights from our cybersecurity professionals

Additional solutions to achieve your organization’s goals

More services to help your organization succeed

Recorded webcast

PCI DSS version 4.0:
What is the change really about and what do you need to do?

Join us for a webcast to review the updated PCI DSS 4.0 standard and what steps you need to take now to make sure your organization knows what steps are needed for compliance.

Contact our risk, fraud and cybersecurity professionals

Complete this form and an RSM representative will be in touch shortly.

Subscribe to Risk Bulletin

Our cybersecurity, risk and fraud professionals provide regular insights and regulatory compliance updates to help your organization manage risk.