Payment Card Security (PCI DSS)

GERICO Security, through its staff qualified as QSAs, can support customers in the following ways:

– defining the payment card perimeter

– choosing how to segregate and reduce the PCI DSS scope

– defining the documentation required by the PCI DSS standard

– carrying out, through primary partners, the technological activities required by the standard

– carrying out Level 1 audit activities, with the compilation of the ROC

– carrying out the verification activities and the compilation of the SAQ signed by a QSA.

The PCI DSS assessment process includes the following steps:

  1. Confirm the scope of the PCI DSS assessment.
  2. Perform the PCI DSS assessment of the environment, following the testing procedures for each requirement.
  3. Complete the applicable report for the assessment (e.g., Self-Assessment Questionnaire (SAQ) or Report on Compliance (ROC)), including documentation of all compensating controls, according to the applicable PCI instructions.
  4. Complete the Attestation of Compliance for Service Providers or Operators, as applicable, in its entirety. Attestations of Compliance are available on the PCI SSC website.
  5. Submit the SAQ or ROC and the Attestation of Compliance, along with any other required documentation (e.g., scan reports from approved scanning vendors), to your acquirer (for merchants) or to the payment brand or other requesting entity (for service providers).
  6. If required, perform remediation activities to satisfy unimplemented requirements and provide an updated report.