PCI DSS Compliance and Auditing Services

We'll work with your team to assess your PCI DSS compliance, establish a baseline against the required standard and work towards PCI DSS accreditation where required.

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) sets the requirements that organisations and merchants must meet to safely and securely accept, store, process and transmit cardholder data during card transactions, with the aim of preventing fraud and data breaches. If your business carries out transactions with customers and suppliers using payment cards, then compliance with PCI DSS is critical.

PCI DSS was established through collaboration between major card brands including American Express, Discover, JCB, Mastercard and Visa. Transaction processes are monitored by the Payment Card Industry Security Standards Council (PCI SSC).

It is incumbent on organisations that accept card payments to either follow the obligations set out in the PCI DSS or otherwise ensure they are processing payments through a compliant partner.

The primary goals of PCI DSS

The PCI DSS regime contains 12 requirements grouped under 6 primary data security goals, to be considered when building and operating Cardholder Data Environments (CDEs). The six goals are:

  • Build and Maintain a Secure Network and Systems (Req. 1 & 2),

  • Protect Cardholder Data (Req. 3 & 4),

  • Maintain a Vulnerability Management Program (Req. 5 & 6),

  • Implement Strong Access Control Measures (Req. 7, 8 & 9),

  • Regularly Monitor and Test Networks (Req. 10 & 11),

  • Maintain an Information Security Policy (Req. 12).

What are the PCI DSS assessments?

PCI DSS has a number of different types of assessment, depending on the use, management and operation of the CDE. Some can be performed as self-assessments, while others require a formal Report on Compliance (RoC) performed by a Qualified Security Assessor (QSA). Merchants are assigned a level based on the number of transactions they perform, among other criteria. Tesserent’s team of QSAs can provide these services and advice. We work with our clients to determine the appropriate requirements based on the CDE, merchant transaction level and other criteria.

Why is PCI DSS compliance important?

Complying with PCI DSS may seem onerous but there are major benefits. When your organisation is compliant, it tells customers, both current and prospective, that you see their card data as important and are taking steps to mitigate the risk of those valuable details being lost in a data breach.

As well as enhancing your reputation with customers, it sends a message to banks and card providers that you are serious about data protection and are taking active steps to mitigate the risk of a breach, and that you have processes in place to minimise the risk of a security incident.

Card issuers can penalise organisations that suffer a breach and are found not to have been PCI DSS compliant. Those penalties can take the form of fines or higher card fees. There can also be significant reputational damage should a breach occur and your organisation be found non-compliant, and it can put you at a competitive disadvantage if other participants in your market are compliant.

PCI DSS compliance is expected by companies offering cyber insurance and is critical for ensuring you are taking the right steps to protect your customers' payment information.

How can Tesserent help?

Tesserent has significant experience in the assessment, review and implementation of PCI DSS, built over years of work in the professional services, banking, insurance and telecommunications sectors. This assessment is vital for any organisation holding credit card or cardholder data. During any PCI DSS assessment, we conduct the necessary artefact reviews, interviews with stakeholders, and on-site inspections.

As PCI DSS v3.2.1 is being superseded following the release of v4.0, organisations need to get ahead of the change. Tesserent can partner with you on a range of PCI DSS-related services, including:

  • Assessment of the PCI DSS compliant controls and practices

  • PCI DSS Advisory Services (QSA)

  • PCI DSS Compliance Assessments (Report on Compliance)

  • Validation of Self-Assessment Questionnaires (SAQ-X)

Tesserent’s PCI DSS services are comprehensive:

Initial PCI DSS Review

  • Determine the current state of operations and the extent of any remediation works required across the systems.

PCI DSS Advisory Services

  • Tesserent has extensive experience with PCI DSS and can advise you on the best way forward in your journey to ongoing compliance.

Preparation and performance of Self-Assessment Questionnaires

  • Working alongside you, Tesserent can support your organisation in the preparation of self-assessment questionnaires and ensure they are completed accurately.

Performance of Report on Compliance Audits

  • Organisations requiring a formal compliance report against PCI DSS (Level 1 Merchants) must undertake an independent assessment. Tesserent has extensive experience and can partner with you to ensure you follow these processes thoroughly.

PCI DSS Audits

  • Tesserent will work with you on the specific protocols for all aspects of your PCI DSS audit to ensure compliance.

Contact us

Speak with a Tesserent Security Specialist

Tesserent is a full-service cybersecurity and secure cloud services provider, partnering with clients from all industries and all levels of government. Let’s talk.
