PCI Scope Reduction and ROC Reporting for European Payment Card Services Provider
The client is the UK operation of a European service provider that supplies car parking payment card services to private and local authority car park operators.
We reviewed their planned architecture to reduce the scope of their Card Data Environment (CDE) for PCI DSS compliance, undertook a PCI pre-assessment of the new environment, and completed a Report on Compliance (ROC) for their assessment against the PCI DSS standard.
How we helped
The client wanted to re-architect their CDE to reduce the scale, effort and complexity of maintaining PCI compliance. Our analysis enabled us to recommend further reductions to the CDE scope, identify process and control improvements that improve the likelihood of retaining PCI compliance, and educate staff and management on the requirements of the PCI DSS Standard.
Our knowledge of the PCI DSS standard and our approach to explaining the precise requirements of the Standard allowed the client to gain a better understanding of its application, simplify the target architecture and reduce the cost and ongoing effort of achieving PCI compliance.