PCI Consulting and Risk Management Services

Bespoke risk management consultancy for acquirers and service providers.

PCI Consultancy

A wave of new Eurozone regulation to protect customer data includes:

  • The European Banking Authority (EBA) guidelines for minimum security requirements for PSPs across the EU

  • The European Commission’s Payment Services Directive 2

  • The EC’s General Data Protection Regulation

The regulatory approach to card payments, especially in Europe, is forcing a shift in risk management from voluntary to mandated compliance. How these pieces of legislation interact and align with PCI DSS is complex and may have a significant impact on all participants in the card payments business.

How can merchants, PSPs and acquirers keep up with potentially conflicting EU regulations at the same time as implementing a PCI Program? How do you deal with rapidly evolving payment technologies, new programs such as PCI P2PE v2 and the challenges of picking the best approach to meet your requirements?

Is it even possible to integrate new payment channels securely into existing business models?

Is P2PE the silver bullet that everyone hopes it is? How can acquirers and service providers understand the best approach and explain it to a merchant base where security awareness may be low? How do you shift the model to not only achieve initial compliance, but also ensure that it can be maintained in a cost-effective and pragmatic manner?

  • PCI DSS
  • PCI P2PE
  • PCI PIN

We work closely with our clients and their QSA Company to ensure that clients take appropriate measures to maintain compliance with PCI DSS.

We can also assist our clients with meeting the requirements of P2PE and ensuring a smooth process to achieving certification for their solutions.

Risk Management Services

Understanding and maintaining compliance with card scheme rules and regulations is a constant challenge for many in the marketplace.

We provide our clients with support to ensure that they understand the reasoning behind the regulations and the potential impact of becoming non-compliant with them. Our purpose is always to allow our clients to enhance their processes, policies and procedures to ensure they are in control of their portfolio and are operating effectively within regulatory compliance.

We are approved by Visa International to perform risk reviews for the following programs:

  • Acquirer Risk Program (ARP)
  • Global Acquirer Risk Standards (GARS)
  • Global Brand Protection Program (GBPP)

In addition to scheme-mandated reviews, we are also able to provide individual consultations to our clients to allow them to proactively manage their portfolio.

These services include:

  • Portfolio Management and Remediation
  • Acceptance Risk Policy & Procedure Development
  • Industry Vertical Risk Management for High Risk Markets
  • Merchant and Partner Due Diligence Reviews
  • Non-compliance Remediation