PCI DSS Gap Analysis for UK-based Wine Trader
A provider of utility services to small and medium-sized enterprises and start-ups in the UK covering telecoms, business mobile, card processing machines, fibre broadband, public Wi-Fi, VoIP hosting and business energy.
Our client takes card payments for orders and monthly subscriptions over the internet and by telephone. Priding itself on providing a high-quality, efficient and trustworthy service to its customers, and aware of the Payment Card Industry Data Security Standard (PCI DSS), our client wanted to gain an independent assessment of their readiness against the Standard prior to completing their PCI Self-Assessment Questionnaire (SAQ) for their acquiring bank.
How we helped
We reviewed the scope of our client’s Card Data Environment and assessed this against the 12 requirements and over 280 controls of the Standard. Our findings were formally presented in a detailed gap analysis report which also assessed their readiness against the prioritised approach PCI DSS recommends is followed to reduce the overall risk of potential payment fraud. There were a number of identified weaknesses, which could be easily addressed by minor process improvements, reducing the number of components within the scope of the Standard, and by some small IT architectural changes. Our client used our report, recommendations and priorities to address as the foundation of their remediation plan. After the client had completed their improvement plan, we undertook a further readiness reassessment and assisted with reviewing the completion of their SAQ.
Our review and report provided our client with a clear understanding of their PCI DSS compliance status, scope reductions and process improvements to aid achievement of compliance. These improvements could be realised without negatively affecting customer service. By providing a comprehensive PCI DSS gap analysis and follow-up reassessment, we enabled our client to protect their customers’ card data and gain assurance that the SAQ issued to their acquiring bank was complete and accurate.