Organizations that process, store, or transmit credit card payment data are responsible for achieving and maintaining compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). Like many compliance mandates, PCI DSS can be complex, especially for large enterprises. Focal Point has been a PCI QSA and ASV for more than a decade, and we have performed hundreds of PCI DSS compliance engagements for organizations of all sizes. Let our experts guide you through the process.
Check out our PCI DSS scoping guide!
Focal Point has been a PCI QSA and an ASV since 2006, and nearly every member of our PCI team has earned the individual QSA designation. Our team of certified QSAs has worked together to support some of the largest organizations in the world. Our goal is – and always has been – to provide sustainable PCI solutions that deliver a high return on investment and strengthen the overall security of your company.
With Focal Point as your trusted PCI Advisor, you have the industry expertise and real-world experience to develop a robust PCI compliance program.
The PCI DSS requirements are an essential starting point for merchants that accept credit card payments. While compliance with PCI DSS shields your company from liability, it does not represent a complete protection of your cardholder data. Because a single breach can have such devastating impacts on your business, Focal Point prefers to serve as a trusted partner for our PCI clients, rather than simply a one-time assessor. Our combination of compliance, penetration testing, IT risk and infrastructure expertise offers our PCI clients the unique opportunity to substantially strengthen their defenses through the PCI assessment process.
Many leading companies have chosen Focal Point as their trusted partner in PCI compliance. Benefits include:
Focal Point provides services to meet all of the PCI DSS requirements, including network architecture, system configuration, security management, policies, procedures and other critical security measures.
Our team compares each requirement of the PCI DSS with your current practices to determine your compliance, and can issue a ROC and an AOC, if compliance has been achieved.
Our team walks through the PCI DSS and holds current practices against DSS requirements to determine any holes in compliance. Following our evaluation, we provide a detailed gap analysis that ranks areas of non-compliance by risk level along with detailed steps to remediate these gaps.
Our team provides subject matter expertise as you take steps to remediate any gaps in compliance.
Once you feel confident that your organization is compliant, our team will walk through the self-assessment questionnaire with you, help you develop the best response, and determine if there are any weak points in compliance.
Once your organization is deemed compliant by the SSC, our team will provide ongoing support to ensure that new policies, procedures, and applications meet compliance requirements, and also advise on any ongoing security initiatives that may affect compliance each year.
As a certified ASV, Focal Point's team is equipped to provide quarterly external scans of your cardholder data environment (CDE) and internal network scans to detect any vulnerabilities and malicious threats to your network.
Our team evaluates the architecture design of your network environment to determine its compliance with DSS standards and corrects any existing architecture design flaws.
Our team attempts to gain access to your physical or logical infrastructures by using unknown (black box), partially known (gray box), or known (white box) methods. Each asset undergoes a comprehensive attack, and the results are evaluated and prioritized.
Using a hybrid approach of both automated and skilled manual analysis, our team does a comprehensive test of the enabled security controls meant to protect the application's exposed user interface.
Our team tests your encryption and authentication technologies so you can protect the confidentiality of wireless transmissions and monitor and control unauthorized network access.