Services

Definition of your PCI Compliance strategy

Have you ever been asked how you would like to take card payments?

Have you ever been asked how you would like to achieve compliance?

Quite often, merchants are not given the opportunity to answer these questions as they stumble into Payment solutions and as a result they often find themselves retrospectively addressing these questions which often make it more difficult and expensive to achieve.

Definition of your PCI Compliance strategy is one of the first tasks we carry out after we have carried out our gap analysis which establishes how and where you take card payment.

This sets the foundation for us to formulate a strategy for your environment and define the type of compliance you would like to have and how you wish to manage the compliance across your organisation.

Your PCI Compliance strategy therefore acts as the foundation for your PCI estate ensuring you have considered every aspect of your PCI and how you wish it to be implemented.

Here are some of the deliverables from our PCI Compliance strategy:

  • Definition of your current Acquiring Banks, merchant IDs and payment channels
  • Creation of the risk register as it relates for each payment channel
  • Formulation of a draft strategy defining
    • How you wish each payment channel to operate –architecturally
    • What SAQ would you like for each payment channel
    • Who will be responsible for generating the controls for each payment channel
    • The pre-approved suppliers for your PCI products and services
    • The approval process for changes your PCI estate
    • Managing your PCI controls and reporting

Managing your end to end PCI Compliance

PCI Compliance has gained a reputation for being expensive and incredibly difficult to manage. These two factor have made it difficult for many clients to achieve compliance.

We believe this should not be the case, we have Technical Design Authorities, Payments and Treasury experts with detailed knowledge of how to simplify the management of PCI compliance.

Below is a description of what our end to end PCI managed service looks like:

Project risk assessment

This service relates to managing the changes to your PCI estate, if you have various projects that may impact your PCI estate, we can offer your project team a risk assessment service to design the project and make it comply with your PCI Compliance strategy and maintain your compliance.

3rd party Supplier compliance management

This service relates to managing your 3rd party service providers, we take each one of them through the process of risk assessment and assist them to become PCI Compliant.

The 3rd party suppliers and then added to your PCI 3rd party service catalogue along with their products and services that pre-approved for PCI Compliance.

This process us review automatically reviewed every 12 months.

Cloud based payment solution

Cloud based payment solutions allow your organisation to offer a wide range of payment services that take out your data centres and allow you to process, store and transmit card data with PCI approved service providers.

Payment solutions

A crucial part of our service include PCI approved service providers that offer a variety of payment solutions