COVID-19 AWARENESS: Xcina Consulting is open and operating, as usual, and here to support organisations during these challenging times. We are available to provide risk assurance and advisory services to help navigate the challenges of the new ways of working. Contact Us
Menu Close

Case Study

PCI DSS: Attestation of Compliance for Telephony Outsourcing Business

The client

A business process and customer experience outsourcing company specialising in providing telephony based product support, ordering and booking services for major recognised client companies from over 25
locations across Europe.

The company integrates their services with client systems many of whom require the company to process payments by payment cards and be compliant with PCI DSS.

The work

Maintaining annual compliance to Payment Card Industry Data Security Standard (PCI DSS) is a contractual requirement for the company with all of their clients for whom they process card payments. Achieving this effectively across all of the various payment systems in use is essential to
maintain operating margins in what is a price competitive market.

The company wanted to have independent assurance that they were able to meet the PCI DSS requirements on an ongoing basis, reduce the scope of their Card Data Environment (CDE) and maintain a consistent approach and process across all client operations to minimise the cost of operation.

How we helped

Starting with an initial review of the company’s operations we supplied
Qualified Security Assessors (QSAs) to assist with reducing the scope of their CDE, establishing a consistent operating model across all client services, and ensuring that these operations complied with PCI DSS.

From this we worked with the company to produce Self Assessment Questionnaires for Service Providers (SAQ-D) for all countries in which they are based and as a QSA company also provided Attestation of Compliance (AOC) reports to independently assure the validity of each
SAQ-D.


As the company has grown its operations, we have continued to provide ongoing advice of changes to the PCI DSS standard and its impact, have undertaken the production of AOCs for new locations, as well as the annual production of AOCs for existing operations.

Value added

We provided the client with PCI DSS knowledge, assisted them in reducing
their PCI scope, considered the PCI DSS implications for new clients, and reduced compliance costs by implementing a common technical architecture and operating processes across all clients.

Customer reviews

What our clients say

Get in touch

If you would like to talk about your risk management requirements, submit your details and one of our consultants will be in touch.