Payment Card Industry (PCI) Compliance

Safeguard your customers’ information in the age of e-commerce

With the popularity of online shopping and banking services, credit card transactions are growing at a tremendous rate. Consequently, the threat of credit fraud is also on the rise. To create an additional level of protection for card issuers and ensure that merchants meet minimum levels of security when they store, process and transmit data obtained from the cardholder, the Payment Card Industry Data Security Standard (PCI DSS) was created for organisations handling payment services containing cardholder information.

PCI ComplianceThe global PCI standards define specific requirements for the different areas in processing card payments which are set and agreed with among stakeholders such as banks, merchants and payment services providers. PCI compliance is required for all merchants that store, transmit or process payment card information.

There are 12 requirements to adhere to in order to achieve compliance:

  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks
  • Use and regularly update anti-virus software on all systems commonly affected by malware
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data by business need-to-know basis
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security

Fraud and identity theft are on the rise. The reality of a data breach is not only detrimental to your business; it affects your customers as well. This risk is not restricted to the security breaches you see in the news involving large companies as smaller merchants are also affected.

Within TÜV SÜD, internationally accredited certification bodies offer services for various management systems. We have extensive experience in auditing and certifying a wide range of internationally recognised management systems. Our experienced team of global experts will guide you through the process, from on-site audits to certification. Our auditors will guide you in the periodic assessments to identify and minimise potential risks. By partnering with us, your company’s attention and commitment to the PCI compliance will gain global recognition. Beyond certification, we will also provide you with periodic feedbacks on ways to improve on your existing processes.

  • In-depth assessment – A quarterly qualitative and quantitative analysis will be performed and a detailed report and analysis of your company’s PCI compliance will be produced at the end. By assessing your strengths and weaknesses, you ensure that your operations are not compromised.
  • One-stop solution – In addition to PCI certification, TÜV SÜD is also a one-stop provider for other certifications and management systems such as the ISO 9001 standard.
What is PCI compliance?

PCI ComplianceThe global PCI standards define specific requirements for the different areas in processing card payments which are set and agreed with among stakeholders such as banks, merchants and payment services providers. PCI compliance is required for all merchants that store, transmit or process payment card information.

There are 12 requirements to adhere to in order to achieve compliance:

  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks
  • Use and regularly update anti-virus software on all systems commonly affected by malware
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data by business need-to-know basis
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security
Why is it important?

Fraud and identity theft are on the rise. The reality of a data breach is not only detrimental to your business; it affects your customers as well. This risk is not restricted to the security breaches you see in the news involving large companies as smaller merchants are also affected.

Why choose TÜV SÜD

Within TÜV SÜD, internationally accredited certification bodies offer services for various management systems. We have extensive experience in auditing and certifying a wide range of internationally recognised management systems. Our experienced team of global experts will guide you through the process, from on-site audits to certification. Our auditors will guide you in the periodic assessments to identify and minimise potential risks. By partnering with us, your company’s attention and commitment to the PCI compliance will gain global recognition. Beyond certification, we will also provide you with periodic feedbacks on ways to improve on your existing processes.

Our services at a glance
  • In-depth assessment – A quarterly qualitative and quantitative analysis will be performed and a detailed report and analysis of your company’s PCI compliance will be produced at the end. By assessing your strengths and weaknesses, you ensure that your operations are not compromised.
  • One-stop solution – In addition to PCI certification, TÜV SÜD is also a one-stop provider for other certifications and management systems such as the ISO 9001 standard.

Your benefits at a glance

  • Improve marketability - By certifying that you are PCI compliant, your reputation and trust from your customers and partners increase. Confident customers are more likely to come back and recommend your business to their network, thus driving profitability as well.
  • Minimise risk - Through consistent achievement of compliance according to the requirements, you ensure that your payment services are secure.
  • Increased adaptability - With PCI certification, your business will be prepared to comply with future regulations. You will also be able to identify ways to improve the IT infrastructure of your business, thus increasing productivity.

  • Global presence - TÜV SÜD’s stable of international experts are well-equipped to apply a beneficial external view on your processes, thus minimising existing risks and enhancing your reputation within the industry.