The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard that is mandatory for any organisation that transmits, processes, or stores payment card data. This may be because you are a retailer (Merchant), or provide services to other organisations (Service Provider). ECSC helps Merchants satisfy their bank compliance and reporting obligations, and Service Providers win new business.
In the event of a breach of card data, Merchants are liable for substantial fines, in addition to the inevitable reputational damage and remediation costs that follow; therefore, their own compliance and the compliance of their Service Providers are critical.
ECSC was the first UK organisation to achieve PCI DSS Level-1 Service Provider certification for a wide range of IT security managed services.
As Qualified Security Assessors (QSAs), our role is to:
- Help you understand your PCI DSS compliance obligations and options
- Support you through a development programme to deploy compliant systems, and remove others from scope
- Assess you against the standard, either as a Merchant reporting to your bank, or as a Service Provider
We can also support clients in gaining compliance following a breach of card data.