© 2021 RSM US LLP. All rights reserved.
PCI Compliance Services
Helping you comply with the Payment Card Industry Data Security Standard
Any organization that accepts credit or debit cards as a form of payment must comply with the Payment Card Industry Data Security Standard (PCI DSS), published by the PCI Security Standards Council and enforced by the card brands and acquiring banks. Non-compliance carries damaging consequences, including fines, higher transaction fees, reputational harm and a loss of banking relationships.
RSM’s PCI services help businesses comply with the PCI DSS. In addition, RSM offers action plans to guide businesses in maintaining PCI compliance. This is accomplished through a variety of services, including vulnerability assessments, gap assessments and penetration testing.
The prospect of assuring that your business is PCI compliant can be overwhelming and daunting. RSM alleviates this anxiety with a staff dedicated to providing a thorough analysis of your business’ current cardholder data (CHD) handling procedures, and then providing recommendations on how to close the gaps to compliance. RSM is also a PCI Approved Scanning Vendor (ASV), meaning we are authorized to perform the quarterly external vulnerability scans that PCI DSS Requirement 11 mandates against the internet-facing components of your cardholder data environment (CDE).
Does PCI compliance apply to my organization?
Any business that stores, processes, accesses or transmits cardholder data as a merchant or service provider is required to be PCI compliant. PCI compliance significantly reduces the risk of consumers’ cardholder data being compromised by outside attackers.
RSM’s PCI services are multifaceted with a variety of different options, but always begin with asking the client about changes they believe they need to make, and what can be done to make these changes easier. Examples of our key PCI services include:
- PCI ASV vulnerability assessment: This assessment uses automated scanning tools, in accordance with the PCI DSS ASV Program Guide, to identify known vulnerabilities in the externally facing network devices, operating systems, web applications and servers of your cardholder data environment. This lets your business know which vulnerabilities exist so that you can remediate them. A passing scan requires that no vulnerability with a CVSS base score of 4.0 or higher remain, so findings must be fixed and rescanned, not merely documented.
- Continual compliance: This service provides year-round guidance so your company can meet the recurring requirements of the PCI DSS and improve its compliance program. It also allows you to monitor your PCI compliance throughout the year and define key milestones, eliminating rework later.
- PCI readiness assessment: A PCI readiness assessment helps you determine your readiness for an on-site Report on Compliance (RoC) assessment by identifying key areas of weakness and noncompliance. The project results in the steps needed to achieve compliance and an understanding of how to maintain it as security compliance obligations evolve. Our gap assessments involve interviews conducted over up to two days to determine your standing with regard to PCI compliance.
- PCI Report on Compliance (RoC) and SAQ: A PCI RoC is a detailed assessment against each PCI DSS requirement that documents how an organization protects cardholder data, and is accompanied by an Attestation of Compliance (AOC). Level 1 merchants (generally those processing more than 6 million transactions per year, with the exact thresholds set by each card brand) are required to submit a PCI RoC completed by a Qualified Security Assessor (QSA) on an annual basis. Merchants and service providers at lower levels may instead self-attest using the applicable Self-Assessment Questionnaire (SAQ).
- PCI service provider quarterly review: PCI service providers are required (PCI DSS v3.2.1 Requirement 12.11) to conduct quarterly reviews confirming that personnel are following security policies and operational procedures, and to retain documentation of those reviews. This service enables providers to establish a repeatable process to meet the quarterly requirement. Our Qualified Security Assessors (QSAs) will work with you to confirm that your compliance efforts are supported throughout the organization.
While these services are all available individually, we often find that our clients use several of them together as a way of exceeding the minimum requirements for compliance.
Navigating the requirements of PCI compliance can be difficult and daunting with so many controls in place. Our dedicated staff is here to help ensure that your business has a plan going forward to achieve and maintain consistent PCI compliance. Contact RSM today to let us help you determine which services would be most beneficial in achieving compliance.