PCI Compliance

Payment Card Industry (PCI) Compliance is high on the agendas of Audit Committees and Executive Leadership due to increasing pressure from credit card brands and regulatory agencies. Lack of compliance may prevent businesses from being allowed to accept credit cards as a form of payment. Businesses that have a data breach where credit card data is actually stolen will be subject to much larger fines and fees from the banks, card brands, etc., and are required to report the breach, which quickly makes the news and causes further reputational damage.

The PCI Data Security Standard (PCI DSS) is used to assess organizations that handle credit cards from the major card brands including Visa, MasterCard, American Express, Discover, JCB and China UnionPay. PCI DSS applies to all entities that store, process, and/or transmit cardholder data. If your business accepts or processes credit cards, PCI DSS applies to you. However, the PCI DSS is so complex that most businesses do not know where to begin.

At UHY, we manage PCI-related initiatives as consultants rather than auditors, which allows us to provide guidance and recommendations throughout the effort. We offer a full suite of PCI Compliance consulting services to help businesses of all sizes address their compliance obligations. We tailor each PCI-related initiative to the individual needs of our clients. The cornerstone of our methodology is to translate IT risks into business risks and provide meaningful insight to your business. Alongside the compliance deliverables, our PCI service offerings are regularly used to assess and improve the security posture of our clients.

  • PCI Readiness Assessment
  • Tailored PCI-Compliant Policies and Procedures
  • Self-Assessment Questionnaire (SAQ) Consulting and Facilitation
  • Qualified Security Assessor (QSA)-Certified PCI DSS Report on Compliance (RoC)
  • Approved Scanning Vendor (ASV)-Certified Vulnerability and Penetration Testing