Payment Card Industry (PCI) Compliance Certification

Ensure compliance with the Payment Card Industry Data Security Standard (PCI DSS)

PCI Compliance Certification in Payment Transactions

To ensure payment card information is not compromised and to give all parties involved the best possible protection against data misuse, the credit card schemes have introduced a security standard for the handling of payment card and transaction information. This standard, known as the Payment Card Industry Data Security Standard or PCI DSS, applies equally to banks (issuers and acquirers), payment service providers, hosting providers, merchants, and payment application providers. PCI DSS compliance is verified at regular intervals. Parties who cannot furnish proof of PCI DSS certification are not permitted to process payment card information.

The PCI compliance standards define technical and organizational requirements for the storage, processing, and transfer of cardholder information. These standards apply to all parties involved in payment-card processing. The PCI compliance standard also applies to organizations involved in the operation or provision of infrastructure, data centers, and other security-relevant components. To demonstrate PCI conformity, organizations must fulfill defined criteria and provide appropriate evidence that they do so.

PCI Compliance Certification Requirements at a Glance

PCI compliance certification requirements are laid down in a standard comprising 12 clauses. To establish a relationship of mutual trust with customers and merchants, all of these requirements must be observed and verified at regular intervals. The individual PCI requirements are:

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt cardholder data and other sensitive information for transmission across open, public networks
  5. Use and regularly update antivirus programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data according to the need-to-know principle
  8. Assign a unique user authentication to every individual with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to cardholder data and network resources
  11. Regularly test system and process security
  12. Maintain and observe an information security policy

Requirements by Level

As differentiation between service providers and merchants is not always easy, we will be happy to advise you on PCI requirements and categorizations.

For Merchants
From standardized vulnerability scans (ASV) to our extensive Merchant Compliance Portal and individual advice, we offer merchants all the solutions they need to achieve compliance with the Payment Card Industry Data Security Standard (PCI DSS) and thus, ultimately, PCI DSS certification.

— Learn more about PCI Compliance Certification for Merchants

For Acquirers
Our extensive acquirer portal makes it easy to carry out all reporting tasks and other requirements for PCI DSS certification. With it, we help acquirers ensure end-to-end PCI DSS compliance at their merchants and service providers as well as in their own organizations. We also support your authorized merchants in efficiently fulfilling PCI requirements and submitting compliance evidence, offering comprehensive support and an attractive Merchant Compliance Portal.

— Learn more about PCI Compliance Certification for Acquirers

For Manufacturers
For software manufacturers, we offer an integrated solution for Payment Application Data Security Standard certification (PA-DSS certification). We are at your side every step of the way, supporting you with individual advice and the necessary security audits.

— Learn more about PCI Compliance Certification for Manufacturers

For Service Providers

We offer payment service providers and cloud or hosting providers in-depth PCI advisory, comprehensive auditing as well as seminars and training, and many more constructive solutions on their way to PCI DSS certification.

— Learn more about PCI Compliance Certification for Service Providers

TÜV SÜD's PCI Compliance Services

We offer comprehensive advice, preparation, auditing, and verification of your security measures, thereby supporting you in all requirements for PCI DSS compliance certification. If you meet the PCI DSS standards, as an accredited certification body we can supply you with the TÜV SÜD certification mark and all evidence required by the credit-card schemes. Depending on whether you are a service provider, software manufacturer, merchant, or acquirer, you need to comply with various requirements and security-assessment procedures of the PCI DSS and/or PA-DSS.

We differentiate between PCI DSS and PA-DSS certification, with the latter (Payment Application Data Security Standard) applying exclusively to manufacturers of payment software. To ensure you can always work in conformity with the PCI standard and benefit from the highest security measures, we offer the necessary solutions for PCI DSS or PA-DSS compliance certification and a number of additional benefits. Selected services include:

  • Technical advisory for all issues and steps of PCI DSS compliance
  • Seminars, training and workshops
  • Compliance portal for merchants, service providers, and acquirers to provide efficient evidence of compliance with the requirements
  • On-site audits carried out by a qualified security assessor (QSA)
  • Vulnerability scans performed by an approved scanning vendor (ASV)
  • Awareness training (eLearning)
  • Support with completing the PCI Self-Assessment Questionnaire (SAQ)
  • TÜV SÜD certification mark for certified organizations


Our services cover all PCI DSS standards, supporting you on your way to PCI compliance certification. Contributing our know-how in the auditing of information security and our experience in the payment-card industry, we ensure that you are on the safe side in matters of payment security. Our comprehensive services enable you to implement effective security systems.

Our accreditations with the PCI Security Standards Council and the payment card schemes authorize us to assist you with all aspects of reaching PCI Compliance certification and to issue the PCI certificate. We offer a range of certifications, including:

  • Qualified Security Assessor Company (QSAC)
  • Approved Scanning Vendor (ASV)
  • Qualified Payment Application Security Assessor (QPASA)
