If you store, process or transmit credit card data, your business is subject to the Payment Card Industry Data Security Standards (PCI DSS), a set of security rules designed to curb costly breaches and thefts across the industry.
LBMC Information Security offers a full suite of payments-related data security services to help you attain and demonstrate PCI compliance. As a certified PCI Qualified Security Assessor (QSA), our experts can help you navigate through a maze of regulations, offering practical solutions to help you achieve and maintain compliance. Our team also takes a long-term partnership approach, because we know how important it is to have a reliable and consistent QSA. Our noticeably low turnover helps distinguish us from the rest by giving you the same QSA each year.
PCI Audit and Report on Compliance
While only Level 1 merchants and Service Providers (e.g., big-name chain merchants) must submit a QSA led Report on Compliance, acquirers can require a Report on Compliance regardless of your company size. We lead you through the entire process, from scoping and segmentation, through the audit process, to issuing a completed final Report on Compliance (ROC) and Attestation of Compliance (AOC) to the appropriate parties. We can also provide an “audit once, report many” approach if different frameworks apply.
PCI Gap Analysis
We review PCI compliance efforts performed to date, give clear and insightful guidance on scope reduction, interview key staff, perform testing procedures, and give you an actionable list of remediation steps to prepare you for a PCI audit or self-assessment questionnaire
ASV Quarterly Scanning
PCI Requirement 11.2.1 requires quarterly vulnerability scans by an Approved Scanning Vendor (ASV). LBMC Information Security’s ASV service includes unlimited scans for one year with an industry-leading scanning engine, a secure portal for completing the relevant self-assessment questionnaire, scheduling and administering of your scans, and electronic filing with acquiring banks if desired. The client can use the ASV system on demand at any time.
LBMC Information Security can perform interviews and walkthroughs to assist in the completion of the PCI DSS self-assessment questionnaire version D (SAQ-D). Afterward, we will work with our clients to ensure the cardholder data environment is properly identified and complete the appropriate SAQ-D form.
PCI Flash Assessment
Our team of PCI experts performs a quick assessment to provide you with a roadmap that will guide you through your individualized PCI compliance strategy focusing heavily on helping you determine your PCI scope and segmentation.
PCI Consulting (Virtual QSA)
Through education from a senior-level PCI Qualified Security Assessor, you will receive the expert advice you need on PCI compliance. With our PCI consulting services, you’ll hear timely answers and solutions to your current projects that could affect PCI compliance, while only paying for the time you need.
PCI and Web Application Security Penetration Testing
Penetration testing assures you’re compliant with PCI DSS Requirement 11.3. The methodology, scoping, and reporting processes align with the PCI DSS requirements for penetration testing, including the CDE boundary validation requirements. Through this testing, our team assesses your susceptibility to security attacks.
We also conduct “gray box” (meaning no access to source code) web application security assessments on your web applications to determine if someone might be able to compromise the security of the application itself or the data therein. This evaluates the security of the application by searching for vulnerabilities that could be exploited by an attacker. This testing assures compliance with PCI DSS Requirement 6.6.
Card Data Discovery
With the ability to scan files and data stores, our team can help you meet PCI requirements to identify all stored card data, with the option to expand data discovery to PII and/or ePHI.
PCI Training and Education
Training employees on PCI Security—and security awareness in general—is essential to helping your organization improve your security posture and reduce risk to cardholder data. Our team can help position your employees for success through education and training, reducing the susceptibility to people-based attacks.