PCI Compliance Consulting

  • Former Federal Agents
  • 100 Years of Combined Experience
  • Investigations, Compliance & Defense
Consulting Services for PCI Compliance

PCI Compliance Team Lead – Timothy E. Allen | Former Special Agent (U.S. Secret Service & DOJ-OIG)

Any business in the U.S. that handles branded credit cards such as MasterCard, Visa, American Express, etc., must be Payment Card Industry (PCI) compliant. PCI compliance standards are meant to ensure secure processing, transmission, and storage of cardholder information to prevent fraud, among other issues like data privacy and identity theft.

Corporate Investigation Consulting offers PCI compliance consulting services to ensure companies that handle or accept card payments adhere to strict rules.

PCI noncompliance comes with dire consequences. Companies that disregard global standards for handling credit cards risk hefty fines that can result in bankruptcy. Other problems include a damaged reputation, costly lawsuits, reduced profits, and jail time.

The importance of implementing stringent rules to protect card payment systems should not be overlooked. Our services ensure companies never face any negative PCI compliance-related issues.

Significance of PCI Compliance

In 2018, over $24 billion was stolen globally via payment card fraud, with the U.S. accounting for 38 percent of those losses. Most of the fraud cases resulted in lawsuits, among other negative consequences. Considering card payments are increasing sharply as internet-based transactions increase, the need for companies to protect themselves can’t be overstated. In 2019, over 293 billion transactions happened worldwide on Visa and MasterCard cards alone.

If you accept card payments, you need Corporate Investigation Consulting to offer you PCI compliance consulting services. We ensure compliance with Payment Card Industry Data Security Standard (PCI DSS). We also help companies respond to card-related cybercrime, perform PCI audits, safeguard cardholder information, and more.

Our corporate investigation experts know exactly where to look for PCI noncompliance. We’ve helped companies nationwide correct internal weaknesses through the implementation of robust policies. We can do it for your company as well. Call us at 866-352-9324.

Put our highly experienced team on your side
Roger Bach

Former Special Agent (OIG)

Timothy E. Allen

Former Senior Special Agent U.S. Secret Service

Chris J. Quick

Former Special Agent (FBI & IRS-CI)

Maura Kelley

Former Special Agent (FBI)

Ray Yuen

Former Supervisory Special Agent (FBI)

Michael S. Koslow

Former Supervisory Special Agent (DOD-OIG)

Dennis A. Wichern

Former Special Agent-in-Charge (DEA)

Marquis D. Pickett

Special Agent U.S. Secret Service (ret.)

Definition: Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS is an information security standard that organizations handling branded credit cards must adhere to. The major card brands' security standards are administered by the Payment Card Industry Security Standards Council (PCISSC). The PCISSC was formed by Visa, MasterCard, American Express, JCB, and Discover in 2006 to manage payment card industry security standards. Compliance validation is performed quarterly or annually, using methods that depend on the transaction volume in question.

PCI Compliance Requirements

For a company to be deemed compliant, six control objectives must be met. The company must (1) protect cardholder data, (2) build and maintain a secure card payment network and system, (3) maintain a vulnerability management program, (4) maintain an information security policy, (5) implement stringent access control measures, and (6) monitor and test networks regularly.

PCI Compliance Levels

Every company subject to PCI DSS falls into one of four compliance levels, based mainly on annual transaction volume. Level 1 is for companies that process over 6 million transactions per year, level 2 is for companies that process 1-6 million transactions, level 3 is for companies that process between 20,000 and 1 million transactions, and level 4 is for companies that process fewer than 20,000 transactions per year.

Per the PCI Security Standards Council, there are three main steps for establishing compliance, namely: assessment, remediation, and reporting. A company must assess all card-related business operations to identify weaknesses before proceeding to correct those weaknesses. Companies must also submit reports on compliance.

Our PCI compliance consulting services apply to all compliance levels. Our PCI compliance experts are also capable of handling all compliance steps. Call now 866-352-9324 for a free confidential consultation.

Compliance Validation

Companies must validate compliance to confirm that their security controls, measures, and procedures meet PCI DSS guidelines. Validation consists of testing those controls and procedures and documenting the results.

Qualified Security Assessor

Companies that handle moderate volumes of card transactions annually may be subject to compliance validation by a qualified security assessor (QSA). QSAs are PCISSC-certified individuals who audit merchants for PCI compliance and confirm that a company's procedures meet the standard.

Internal Security Assessor

Companies that handle large volumes of card transactions annually may be subject to compliance validation by an internal security assessor (ISA). ISAs are PCISSC-certified employees who can perform PCI self-assessments for their own company. ISA certification enables a worker to perform internal assessments and propose solutions and controls for PCI DSS compliance.

Self-Assessment Questionnaire

Companies with small card transaction volumes can use self-assessment questionnaires to assess PCI compliance. The questionnaires are validation tools meant to help service providers and merchants report on their PCI self-assessment. Self-assessment questionnaires are to be completed yearly and submitted to the bank that processes the company's card transactions (the acquiring bank).

Corporate Investigation Consulting can assist with all aspects of compliance validation nationwide regardless of your card transaction volume. We can assist with reporting meant to ascertain if a company is compliant. Our PCI compliance consulting service confirms if a company has the policies, strategies, workflows, and approaches needed to protect the organization from card-related risks.

PCI Compliance Legislation in the U.S.

PCI compliance isn’t mandated by federal law. However, some states, including Minnesota and Nevada, have mandatory provisions or refer directly to the PCI DSS. Since 2007, companies in Minnesota that receive card payments have been prohibited from retaining card data for more than 48 hours after a transaction. In Nevada, PCI DSS is incorporated into state law, and merchants must comply with the standard.

Corporate Investigation Consulting has PCI compliance experts nationwide who understand unique PCI compliance aspects in every state.

PCI Noncompliance

Since PCI compliance may not be mandatory for all, some companies may be tempted to be noncompliant. However, noncompliance isn’t a prudent strategy. Noncompliant companies risk penalties, among other negative consequences.

Fines imposed can have a far more serious impact on small businesses than on large organizations. Noncompliance can also lead to losses resulting from fraud or data misuse. When cardholders suffer losses because of a company, that company is usually penalized for failing to secure its customers’ data.

Penalties and fines aside, a company can damage its reputation, impair customer confidence, suffer litigation costs, incur compliance costs, suffer job losses, and other negative effects such as loss of business and stakeholder support.

The consequences of PCI noncompliance are more dire today with the increasing prevalence and sophisticated nature of cybercrime. The extent to which hackers can use personal cardholder information is unprecedented. In some cases, a company may never manage to get back to business.

You need PCI compliance consulting to safeguard your company and customers from all PCI noncompliance consequences, including closure.

How Can Corporate Investigation Consulting Help?

Our PCI compliance experts are well versed in all PCI Data Security Standard compliance requirements. We can:

  • Facilitate installation and maintenance of a firewall to safeguard your customers’ card data. We can facilitate firewalls that inspect network traffic and block untrusted traffic from reaching your systems.
  • Advise on changing vendor-supplied defaults for system passwords and other security parameters. This ensures passwords can’t be discovered from publicly available information.
  • Facilitate safe storage of cardholder data. Our experts can advise on hashing, encryption, truncation, masking, and other methods used to safeguard card data.
  • Safeguard systems against ransomware, malware, and other malicious programs. Our cybersecurity experts can conduct audits to assess your company’s vulnerability to malicious software that can steal cardholder information, take over systems, and cause other harm.
  • Facilitate establishment and maintenance of secure applications and systems. Cardholder information can be stolen indirectly via vulnerabilities in applications and systems. We can assess system and application security and recommend measures to reduce card data risks.
  • Recommend measures that restrict access to cardholder data to authorized persons only. Our PCI compliance team can meticulously assess company systems and processes to identify areas that need restricted access. We can also help assign a unique identifier to each person with access to card data, so that every action is accountable to an individual.
  • Craft and maintain a data security policy. Strong data policies ensure staff take the handling of private data seriously.
  • Continuously test existing security systems and procedures to discover new vulnerabilities and maintain PCI compliance throughout.
  • Structure risk management strategies that meet PCI DSS requirements. Financial institutions and merchants must protect their clients’ card data using cryptography. Noncompliant companies can’t pass audits.
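
The hashing, truncation, and masking methods named in the list above, together with the kind of ongoing check that finds card numbers leaking into logs, can be illustrated in code. The following Python is an added example written for this page, not code from Corporate Investigation Consulting or from the PCI Security Standards Council; it assumes a first-six/last-four masking format, a keyed HMAC-SHA256 as the one-way hash, and uses constructed inputs (a widely published test card number and a made-up log line). Function names are illustrative.

```python
import hashlib
import hmac
import re

# Constructed sample inputs (not real accounts). 4111111111111111 is a
# well-known test number that passes the Luhn check; the log line is made up.
SAMPLE_PAN = "4111111111111111"
SAMPLE_LOG_LINE = "2024-01-01T12:00:00Z checkout ok pan=4111111111111111 amount=12.50"

# Candidate primary account numbers are 13 to 19 digit runs.
PAN_PATTERN = re.compile(r"\b\d{13,19}\b")


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by card numbers."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    # From the right, double every second digit and subtract 9 when the result exceeds 9.
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form: first six and last four digits visible, the rest replaced by '*'.
    Assumption for this example: the first-six/last-four format."""
    if not luhn_valid(pan):
        raise ValueError("not a plausible PAN")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def truncate_pan(pan: str) -> str:
    """Storage form: keep only the last four digits; the full PAN cannot be recovered."""
    if not luhn_valid(pan):
        raise ValueError("not a plausible PAN")
    return pan[-4:]


def hash_pan(pan: str, key: bytes) -> str:
    """One-way keyed hash (HMAC-SHA256) of the full PAN, usable as a lookup token.
    The key is kept apart from the token store: without it, the small space of
    valid card numbers would make an unkeyed hash easy to reverse by guessing."""
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def find_unmasked_pans(line: str) -> list[str]:
    """Detection helper: return Luhn-valid digit runs found in a log line.
    Any hit means full card numbers are being written somewhere they should not be."""
    return [m for m in PAN_PATTERN.findall(line) if luhn_valid(m)]


def redact_line(line: str) -> str:
    """Replace every Luhn-valid PAN in a log line with its masked form."""
    def _sub(match: re.Match) -> str:
        digits = match.group(0)
        return mask_pan(digits) if luhn_valid(digits) else digits
    return PAN_PATTERN.sub(_sub, line)


if __name__ == "__main__":
    print("masked:   ", mask_pan(SAMPLE_PAN))
    print("truncated:", truncate_pan(SAMPLE_PAN))
    print("token:    ", hash_pan(SAMPLE_PAN, b"example-key-kept-in-a-secrets-store"))
    print("leaks:    ", find_unmasked_pans(SAMPLE_LOG_LINE))
    print("redacted: ", redact_line(SAMPLE_LOG_LINE))
```

The Luhn check in the detection helper keeps ordinary 13 to 19 digit numbers (order ids, timestamps squashed together) from being flagged as card numbers, which is what makes a scan like this usable on real log volume; after redaction the same scan returns nothing, which is the condition a periodic test would assert.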

Corporate Investigation Consulting’s PCI compliance consulting services cover much more, including assistance with self-assessment questionnaires (SAQs) and QSA audits.

While PCI compliance may not be mandatory, the consequences of noncompliance are dire. PCI issues should never be left to in-house teams that don’t understand the subject comprehensively. To avoid hefty fines, costly litigation, and problems that can halt business, talk to the PCI experts at Corporate Investigation Consulting.

Call 866-352-9324 to discover what more we can do for you in regard to PCI compliance. We also assist companies that are under investigation for PCI noncompliance. See our team above, and reach out today.

Contact Us Today

Contact Team Lead, Timothy Allen,
For a Confidential Consultation

Contact Us 24/7 to Schedule Your Free Consultation

Call 866-352-9324 or request an appointment online. We are available 24/7, and our consultants can take action immediately to protect your company.