The Payment Card Industry Data Security Standard (PCI DSS) is a security standard that applies to organizations that handle credit card information. Annual audits are required to validate compliance and varies in nature depending on the quantity of transactions that an organization handles. Organizations that handle smaller volumes of data are able to self-assess, answer a detailed Self-Assessment Questionnaire (SAQ) and attest to their compliance. Organizations that are handling large amounts of transactions must undergo an independent audit by a PCI DSS Qualified Security Assessor (QSA).
- Level 1: Merchants that process over 6 million card transactions annually.
- Level 2: Merchants that process 1 to 6 million transactions annually.
- Level 3: Merchants that process 20,000 to 1 million transactions annually.
- Level 4: Merchants that process fewer than 20,000 transactions annually.
The GAI Cyber team operates as PCI DSS consultants. Our team will assist your organization:
- Analyzing and optimizing PCI data architecture
- Creating Documentation, Policies and Procedures
- Choosing the proper SAQ
- Validating control safeguards are operating as intended
- Conducting Gap Analysis and Remediation Activities
- Selecting a PCI DSS QSA Company for Audit
GAI Cyber partners with several different PCI QSA companies who provide formal audits for firms processing large quantities of transactions. This ensures there is no conflict of interest between our consultative services and the work of an independent security assessor.