PCI DSS Gap Analysis for UK-based Wine Trader | Resources
Xcina Case Study

PCI DSS Gap Analysis for UK-based Wine Trader

The client

A provider of utility services to small and medium-sized enterprises and start-ups in the UK covering telecoms, business mobile, card processing machines, fibre broadband, public Wi-Fi, VoIP hosting and business energy.

The work

Our client takes card payments for orders and monthly subscriptions over the internet and by telephone. Priding itself on providing a high-quality, efficient and trustworthy service to its customers, and aware of its obligations under the Payment Card Industry Data Security Standard (PCI DSS), our client wanted an independent assessment of its readiness against the Standard before completing and submitting its PCI DSS Self-Assessment Questionnaire (SAQ) to its acquiring bank.

How we helped

We reviewed the scope of our client’s Cardholder Data Environment (CDE) and assessed it against the 12 requirements and over 280 controls of the Standard. Our findings were formally presented in a detailed gap analysis report, which also assessed the client’s progress against the PCI DSS Prioritized Approach, the milestone-based ordering the PCI Security Standards Council recommends so that the controls which most reduce the risk of payment fraud are addressed first. We identified a number of weaknesses, all of which could be addressed by minor process improvements, by reducing the number of system components within the scope of the Standard, and by some small changes to the IT architecture. Our client used our report, recommendations and remediation priorities as the foundation of its remediation plan. Once the client had completed that plan, we undertook a further readiness reassessment and assisted with reviewing the completed SAQ.

Value added

Our review and report gave our client a clear understanding of its PCI DSS compliance status, together with the scope reductions and process improvements needed to achieve compliance. These improvements could be realised without negatively affecting customer service. By providing a comprehensive PCI DSS gap analysis and a follow-up reassessment, we enabled our client to protect its customers’ card data and to gain assurance that the SAQ submitted to its acquiring bank was complete and accurate.

What our clients say

"Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do. "

Getac Technology Corp, Legal Affairs Center

"Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do."

ParkMobileUK, Managing Director

"Xcina Consulting performed an annual review of our card data environment, and ensured that we are compliant with the PCI-DSS. We continue to work with their experienced QSAs, leveraging their guidance and best practices so we have the highest possible level of security controls in place."

DKB Brands, Data Protection Officer

"Xcina really helped us to kick start our data protection compliance process. They took the time to speak to all departments of the business and outlined our highest risk to lowest risk areas. The insight and guidance they provided was essential for our business to become GDPR compliant."

Portman Settled Estates Limited, Estate Secretary

"Xcina’s ongoing support has ensured that our employees feel confident when dealing with data protection matters, with best practice knowledge and expertise from consultants who have taken the time to get to know our business and our industry."

National Bank of Kuwait, Compliance Officer

"Xcina worked with us on a number of data protection matters, including subject access requests and gave helpful, practical advice which reflected their understanding of technology issues as well as legal matters."

Your World Recruitment, Group IT Director

"We have worked with Xcina successfully for two years, initially on internal GDPR GAP analysis. We now have them engaged as our ‘Virtual DPO’ provider and regularly receive useful, pragmatic and, more importantly, actionable advice on all areas of Data Protection."

Quadrangle Research, Group Chief Operating Officer
