In terms of PCI, service providers are companies that process, transmit or save card details for other companies (merchants or other service providers). A service provider must meet the PCI requirements and demonstrate its PCI compliance to its customers. Evidence of this is provided by being listed with the card organisations (Visa, MasterCard, American Express, etc.) as a certified service provider. The service provider typically proves its PCI compliance and is listed by means of an audit by a Qualified Security Assessor (QSA).
Support in all phases of a PCI project through successful certification
We explain the PCI requirements and convey the basic knowledge required to run a PCI project in our workshops and consultation meetings. We support management, departments and technical experts with our experience in PCI projects.
By means of gap analyses, scope analyses and concept analyses, we work with you to clarify the implementation measures required to meet the PCI specifications. You therefore have a picture of the extent of the work required to achieve PCI compliance.
Using the information from the analyses, you can then implement the essential measures. We support you with advice, help you to take the right steps and implement them in your company, and assist with any questions.
AUDIT & CERTIFICATION
Following successful implementation of the adaptations, we carry out the compliance audit with you and draw up the necessary audit reports. An application is then made for listing with the card organisations, and you receive a certificate from us confirming successful completion of the audit.
You work for other service providers. Companies frequently offer outsourcing services for other companies that fall under the PCI standards. As an outsourcing service provider of this sort, it is appropriate to complete partial certification of the outsourcing services for your customers. In so doing, you not only show that IT security is important to you but also offer your customers an additional advantage by putting your partial certification at their disposal for their PCI audit.
If you offer outsourcing services relating to card data processing, we look forward to hearing from you. We will be happy to explain to you the key steps and the competitive advantage they provide. Below we have put together some examples of services for which outsourcing providers have completed their own partial PCI certification.
The PCI standard sets specific security requirements for physical security, access controls and handling of visitors. Through PCI certification, you offer your customers an environment for their sensitive data that meets international standards along with a cost benefit, as the electronic data processing environment no longer requires re-verification as part of a customer audit.
Call centres frequently take credit card information when customers place orders. As this business process is subject to PCI regulations, verification of the extent to which the call centre is responsible for PCI certification is an important issue for management, not only from the point of view of compliance but also for reasons of liability.
As with computer centres, cloud service providers are affected by the PCI DSS requirements, since they not only offer computer centre services but also run applications and solutions. As a result, the cloud service provider handles many of the stages in processing the customer’s card data, which makes PCI compliance essential.
As a hosting provider, you not only offer co-location but also operate at various levels of your customers’ IT infrastructure and systems (operating system, firewall, database systems, etc.). If your customers process card data using these infrastructures, as a hosting provider you have an obligation to run the systems that you administer in accordance with the PCI guidelines.