PCI DSS compliance and testing

April 23, 2017 Case Study 1 min read
PCI DSS compliance helps company retain millions of dollars in business and attract new customers.


The client

With 15 locations and over 4,500 team members, this organization focuses on marketing, ranging from end-to-end marketing to analytics to web hosting.

The challenge

With increasing demand from its industry, and to retain millions of dollars in business, it was critical that the company adhere to the Payment Card Industry Data Security Standard (PCI DSS). They needed help understanding their compliance responsibilities and how to achieve compliance in a cost-efficient manner. Based on previous, positive engagements, the company chose us to help them understand their unique environment and determine their next steps.

The solution

  • Discovery & Scope Reduction: Our experts analyzed the company's payment card processes to determine which people, processes, and systems fell within the scope of the PCI DSS. Based on that understanding, we recommended process redesign and network segmentation to shrink the cardholder data environment and reduce the cost of compliance.
  • Readiness Assessment: Next, we performed an initial gap assessment of the company's compliance with the PCI DSS and provided recommendations for meeting each requirement that was not yet satisfied. Our recommendations were organized using a prioritized approach to guide the company down the most logical path to compliance.
  • PCI DSS Assessment: Once the company had remediated all compliance gaps noted in the Readiness Assessment, we performed a PCI DSS assessment following guidance from the PCI Security Standards Council.
  • PCI Penetration Testing: In addition, our network security team assisted the company in fulfilling its obligations under PCI DSS requirement 11.3, which requires internal and external penetration testing at least annually and after any significant change to the environment. We provided recommendations to assist the company in performing the required remediation.
  • Compliance Reporting: When the company was fully compliant with the PCI DSS (for the services assessed), we prepared the required compliance documentation (Report on Compliance and Attestation of Compliance) that they could share with their clients.

The benefit

In the end, we confirmed the company's PCI DSS compliance, and they were able to provide attestation to their own clients. During the project, the company experienced turnover in a key staff position, and our team facilitated a thorough knowledge transfer during the personnel transition. The company was able to retain millions of dollars in business and attract new business based on its compliance with the PCI DSS.
