The client
A provider of utility services to small and medium-sized enterprises and start-ups in the UK covering telecoms, business mobile, card processing machines, fibre broadband, public Wi-Fi, VoIP hosting and business energy.
The work
Our client takes card payments for orders and monthly subscriptions over the internet and by telephone. Priding itself on providing a high-quality, efficient and trustworthy service to its customers, and aware of the Payment Card Industry Data Security Standard (PCI DSS), our client wanted an independent assessment of its readiness against the Standard before submitting its PCI Self-Assessment Questionnaire (SAQ) to its acquiring bank.
How we helped
We reviewed the scope of our client's Card Data Environment and assessed it against the 12 requirements and over 280 controls of the Standard. Our findings were formally presented in a detailed gap analysis report, which also assessed their readiness against the prioritised approach that PCI DSS recommends be followed to reduce the overall risk of payment fraud. A number of weaknesses were identified, all of which could be addressed by minor process improvements, by reducing the number of components within the scope of the Standard, and by some small IT architectural changes. Our client used our report, recommendations and priorities as the foundation of their remediation plan. After the client had completed their improvement plan, we undertook a further readiness reassessment and assisted with reviewing the completion of their SAQ.
Value added
Our review and report provided our client with a clear understanding of their PCI DSS compliance status, together with the scope reductions and process improvements needed to achieve compliance. These improvements could be realised without negatively affecting customer service.

By providing a comprehensive PCI DSS gap analysis and follow-up reassessment, we enabled our client to protect their customers' card data and gain assurance that the SAQ issued to their acquiring bank was complete and accurate.