COVID-19 AWARENESS: Xcina Consulting is open and operating, as usual, and here to support organisations during these challenging times. We are available to provide risk assurance and advisory services to help navigate the challenges of the new ways of working. Contact Us
Menu Close

Case Study

PCI DSS Gap Analysis for UK-based Wine Trader

The client

A provider of utility services to small and medium-sized enterprises and start-ups in the UK covering telecoms, business mobile, card processing machines, fibre broadband, public Wi-Fi, VoIP hosting and business energy.

The work

Our client takes card payments for orders and monthly subscriptions over the internet and by telephone. Priding itself on providing a high quality, efficient and trustworthy service to its customers, and aware of the Payment Card Industry Data Security Standard (PCI DSS), our client wanted to gain an independent assessment of their readiness against the Standard prior to completing their PCI SelfAssessment Questionnaire (SAQ ) to their acquiring bank.

How we helped

We reviewed the scope of our client’s Card Data Environment and assessed this against the 12 requirements and over 280 controls of the Standard. Our findings were formally presented in a detailed gap analysis report which also assessed their readiness against the prioritised approach PCI DSS recommends is followed to reduce the overall risk of potential payment fraud. There were a number of identified weaknesses, which could be easily addressed by minor process improvements, reducing the number of components within the scope of the Standard, and by some small IT architectural changes. Our client used our report, recommendations and priorities to address as the foundation of their remediation plan. After the client had completed their improvement plan, we undertook a further reassessment readiness and assisted with reviewing the completion of their SAQ.

Value added

Our review and report provided our client with a clear understanding of their PCI DSS compliance status, scope reductions and process improvements to aid achievement of compliance. These improvements could be realised without negatively affecting customer service. By providing a comprehensive PCI DSS gap analysis and follow up reassessment, we enabled our client to protect their customers’ card data and gain assurance that the SAQ issued to their acquiring bank was complete and accurate.

Customer reviews

What our clients say

Get in touch

If you would like to talk about your risk management requirements, submit your details and one of our consultants will be in touch.