Payment Security

PCI QSA Services


PCI QSA ASSESSMENT

What atsec offers

atsec (Beijing) Information Technology Co., Ltd (“atsec China” for short) is accredited as a Qualified Security Assessor (QSA) by the Payment Card Industry (PCI) Security Standards Council (SSC). Currently, atsec China provides the PCI QSA service for the following markets: Canada, Europe, USA, and Asia Pacific.

As an accredited QSA, atsec China performs PCI on-site security assessments for merchants, banks, and service providers (including third-party processors and data storage entities) who process credit card transactions.

The PCI Data Security Standard (DSS) is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, physical security and other critical protective measures.

The PCI SSC has assumed responsibility for the QSA program previously operated separately by Visa as the Cardholder Information Security Program (CISP) or Account Information Security (AIS).

Why our services are important to you

For level 1 merchants, service providers and others, an annual audit by a QSA is mandatory.

The five founding members (American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International) have adopted the PCI DSS as the technical standard for their data security compliance programs. Each founding member recognizes the QSAs certified by the PCI SSC as qualified to validate compliance with the PCI DSS.

PCI CONSULTING SERVICES

What atsec offers

atsec offers a full range of consulting services to support your organization in achieving mandatory compliance with the PCI DSS. Our consultants have detailed, expert experience in each of the twelve requirement areas. They can help you develop policies and procedures and assess your compliance with the standard in the following areas:

  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks
  • Use and regularly update anti-virus software
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data by business need-to-know
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security

Why our services are important to you

Credit card information theft is on the rise. Credit card companies want to reduce their losses, and customers want their personal data to be protected. Regardless of whether your organization is required by the card brands to complete a formal audit, if you handle credit card transactions, then you must comply with the PCI DSS and complete self-assessments or QSA assessments. In establishing the PCI SSC, the major credit card companies have signaled that they intend to follow a common standard, requiring compliance based on the common set of security requirements defined in the PCI DSS.
