Payment Card Industry (PCI) Compliance

GM Sectec will accelerate your compliance journey, safe guarding sensitive data and validating the PCI compliance exercise.

 

Your one stop shop for
PCI Compliance Validation

PCI Advisory and Compliance Validation Managed Services


GM Sectec offers a full suite of PCI Compliance Security services designed to support your mission along the compliance journey. Our qualified assessors can help businesses of all sizes address PCI DSS Compliance navigate the regulation, identify the processes you need to implement, as well as assess and maintain your unique environment to ensure you are compliant.

GM Sectec is a Global Leader in PCI consulting and compliance validation services, with the experience from the early days of the PCI DSS Standard enabling us to support and manage small, midsize and large complex assessments. We are on the Global Executive Assesor Round Table of the PCI Security Standard Council providing a unique view point on the direction and evolution of the standard. GM Sectec is a one-stop shop for PCI compliance.

Know-how, Techniques and Leading edge software as a service


GM Sectec is a Qualified Security Assessor Company (QSA-C) and holds the following accreditations:

  • Payment Application Data Security Standard (PA-DSS) assessor
  • Point-to-Point Encryption (P2PE) assessor
  • Qualified PIN Assessor (QPA)
  • Software Security Framework (SSF) assessor
  • Card Production Security Assessor (CPSA)
  • Approved Scanning Vendor (ASV)
  • 3-D Secure (3DS) Assessor
  • PCI Forensic Investigator

Our Know-how, Techniques and Leading edge software as a service will give you the tools to go beyond the base-line requirements and build a compliance program that will help you defend against the latest cyber-attacks.


GM Sectec PCI Certifications


What is PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) refers to a combination of requirements that make sure all companies that store, process, or transmit credit card information provide an environment for their customers' data that is safe and secure.

But what is PCI DSS, exactly? It may sound burdensome, but it is composed of helpful rules and guidelines that keep sellers and their customers safer from attackers. It was first introduced as an official regulation on September 7, 2006, as a measure to enhance the security of accounts through all stages of credit card transactions.

PCI DSS is managed by a body of officials created by American Express, Discover, JCB, Mastercard, and Visa. These entities take on the responsibility of enforcing compliance regulations.

Improving the data security of card payment systems is the job of the PCI Security Standards Council, also known as the SSC. They make available standards and materials that incorporate tools, measurements, frameworks, and resources to support organizations as they endeavor to uphold cardholder information security. The council uses PCI DSS as a framework for creating comprehensive payment card security processes that allow for the detection and prevention of and response to security issues.

The threat of credit card fraud and information theft across the global retail industry has never been more prevalent. PCI compliance, governance and risk management practices are imperative for all organizations interacting with cardholder data.

What is PCI PIN


The PCI (Payment Card Industry) Security Standards Council have defined a complete set of requirements and testing procedures for the secure management, processing, and transmission of personal identification number (PIN) data during online and offline payment card transaction processing at ATMs and attended and unattended point-of-sale (POS) terminals.

These PIN Security Requirements are based on the industry standards and provide:

  • The minimum security requirements for PIN-based interchange transactions
  • The minimum acceptable requirements for securing PINs and encryption keys
  • Reasonable assurance to all retail electronic payment system participants adhering to the requirements that the risk cardholder PINs will be compromised is minimized

What is PCI ASV


An ASV (Approved Scanning Vendor) is an organization with a set of security services and tools (“ASV scan solution”) to conduct external vulnerability scanning services to validate adherence with the external scanning requirements of PCI DSS Requirement 11.2.2. The scanning vendor’s ASV scan solution is tested and approved by PCI SSC before an ASV is added to PCI SSC’s List of Approved Scanning Vendors.

The PCI Security Standards Council maintains a structured process for security solution providers to become Approved Scanning Vendors (ASVs), as well as to be re-approved each year.

What is PCI 3DS


3DS Assessors are qualified by PCI SSC to perform assessments using the PCI 3DS Core Security Standard (Security Requirements and Assessment Procedures for EMV® 3-D Secure Core Components: ACS, DS, and 3DS Server). 3DS Assessor Employees are individuals who are employed by a 3DS Assessor Company and have satisfied all 3DS Assessor Qualification Requirements applicable to employees of 3DS Assessor Companies who will conduct 3DS Assessments, as described in further detail in the Qualification Requirements For 3DS Assessors.

The PCI Security Standards Council maintains an in-depth program for security companies seeking to be certified as 3DS Assessors, as well as to be re-certified as 3DS Assessors each year.

What is PCI CPSA


Card Production Security Assessor (CPSA) Companies are security organizations that have been qualified by the Council to validate an entity's adherence to the PCI Card Production Logical Security and/or Physical Security Standards. CPSA Employees are individuals who are employed by a CPSA Company and have satisfied all requirements to perform PCI Card Production Security Assessments as described in the CPSA Qualification Requirements.

The PCI Security Standards Council maintains an in-depth program for companies and their employees seeking to be certified as CPSAs, or re-certified as CPSAs each year.

What is PCI P2PE™


Organizations qualified by PCI SSC to validate P2PE Solutions and P2PE Components on behalf of P2PE Vendors are referred to as Qualified Security Assessor P2PE Companies (QSA (P2PE) Companies); Organizations qualified by PCI SSC to validate P2PE Applications on behalf of Vendors are referred to as Payment Application Qualified Security Assessor P2PE Companies (PA-QSA (P2PE) Companies). The quality, reliability, and consistency of a QSA (P2PE) Company and/or PA-QSA (P2PE) Company’s work provide confidence that the P2PE Solution, P2PE Component and/or P2PE Application has been validated for P2PE compliance

The PCI Security Standards Council maintains an in-depth program for security companies seeking to be certified as QSA (P2PE) and/or PA-QSA (P2PE)s as well as to be re-certified as QSA (P2PE) and/or PA-QSA (P2PE) each year.

What is PCI SSF


Software Security Framework (SSF) Assessor companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate a vendor's payment software and/or to evaluate a vendor's software lifecycle.

Secure Software Assessors are employed by an SSF Assessor Company and have satisfied and continue to satisfy all applicable requirements to perform Secure Software Assessments.

Secure Software Lifecycle (SLC) Assessors are employed by an SSF Assessor Company and have satisfied and continue to satisfy all applicable requirements to perform Secure SLC Assessments.

The PCI Security Standards Council maintains an in-depth program for companies and their employees seeking to be certified as SSF Assessors, or re-certified as SSF Assessors each year.

What is PCI PA DSS


Payment Application Qualified Security Assessor (PA-QSA) Companies are organizations that have been qualified by the PCI Security Standards Council to perform PA-DSS Assessments for PA-DSS Program purposes. PA-QSA Employees are individuals who are employed by a PA-QSA Company and have satisfied all PA-QSA Qualification Requirements applicable to employees of PA-QSA Companies who will conduct PA-DSS Assessments, as described in further detail in the PA-QSA Qualification Requirements.

The PCI Security Standards Council maintains an in-depth program for security companies seeking to be certified as Payment Application Qualified Security Assessors (PA-QSAs), as well as to be re-certified as PA-QSAs each year.

What is PCI Forensic Investigators


PCI Forensic Investigators (PFIs) help determine the occurrence of a cardholder data compromise and when and how it may have occurred. These PCI Forensic Investigators are qualified by the Council’s program and must work for a Qualified Security Assessor company that provides a dedicated forensic investigation practice. They perform investigations within the financial industry using proven investigative methodologies and tools. They also provide relationships with law enforcement to support stakeholders with any resulting criminal investigations.

The PCI Security Standards Council maintains an in-depth program for forensic companies seeking to be certified as PCI Forensic Investigators, and to be re-certified as PFIs each year.

 

"Working with GM Sectec, we believe we can offer our clients a simplified path to Cybersecurity enablement and PCI DSS Compliance validation"

Eduardo Perez SVP & Regional Risk Officer Visa International