PCI Compliance Service Offerings

The importance of protecting cardholder data

Threats to cardholder data have evolved significantly since the earliest days of skimming the magnetic stripe value and reusing it for fraud. Threat actors mount attacks against point-of-sale and e-commerce merchants with purpose-built malware, and service providers (e.g., payment processors and technology or cloud services) face numerous threats that could affect their many customers.

Further, non-compliance with PCI DSS may result in fines or operating restrictions (e.g., the inability to receive or process payment cards) from the banks and card brands, and many entities require their business partners to maintain PCI DSS compliance as part of their contractual obligations.

PCI DSS is a mature standard that balances people, process and technology security controls focused on the systems, networks, facilities and processes that store, process or transmit cardholder data or on the environments that can affect the security of cardholder data. PCI DSS is a global standard that applies to all merchants and service providers throughout the world. Payment card brands, merchant banks, insurance carriers and other organizations will want to see that organizations comply with PCI DSS through assessment or self-reporting, depending on the nature of the business and the volume of transactions.

How Mazars can help

Mazars brings the right blend of technical expertise, assessment rigor, business strategy and experience working with a broad array of clients to help assure your organization meets the requirements to protect cardholder data and mitigate the risks of a breach.

With the release in 2022 of the new PCI DSS 4.0 standard, it’s time now to prepare for the changes required to meet it. Contact our team of experts to begin making the necessary preparations for your organization.

Service offerings

• PCI DSS Assessment Services – Mazars will thoroughly assess the in-scope environment against the PCI DSS requirements, gather evidence to support compliance, and produce a detailed Report on Compliance (ROC) and Attestation of Compliance (AOC) for fully compliant entities.
• PCI Self-Assessment Questionnaire (SAQ) Validation – For organizations eligible to complete an SAQ, Mazars will assess these organizations similarly to those requiring an ROC, but will produce the SAQ as the report deliverable and sign the attestation portion as the assessor.
• PCI DSS Readiness Services – Preparation is always key, and Mazars can help organizations prepare for assessment by helping to identify the correct scope, understand the applicable requirements, uncover gaps in compliance and propose strategies to achieve compliance.
  • PCI DSS version 4.0 Preparation Services – This is a specialized, compact version of the Readiness Service specifically focused on preparing for v4.0 of PCI DSS. It will examine new requirements, changes in expectations and readiness for a much more substantial level of effort required by v4.0.
  • PCI Remediation Services – Mazars offers an extensive array of consulting and remediation services to help resolve areas of noncompliance with PCI DSS. This can include development of or updates to policy documents, guidance for improving system security practices and standards, application security or cryptography controls, or other services offered by Mazars, including managed security services or penetration testing.