PCI DSS SERVICE - CONTINUAL COMPLIANCE
Need a PCI Compliance attestation for your organisation?
BUILD TRUST IN YOUR BRAND WITH A PCI DSS ATTESTATION.
With millions of transactions now taking place online, organisations are required to store customer payment data on their internal databases. Unfortunately, simply storing such sensitive information in your database without further thought isn't enough to keep it safe. Sophisticated cybercriminals actively attempt to obtain and exploit payment details every day. Adequate security and management of this data is therefore imperative, not only to keep your customers' information out of the wrong hands but also to keep your reputation intact.
WHAT IS A PCI DSS ATTESTATION AND WHO DOES IT APPLY TO?
PCI DSS is an acronym for the Payment Card Industry Data Security Standard. Although it sounds complicated, we assure you that it is not. PCI DSS is a compliance standard for businesses that transmit or store cardholder data, and those businesses are contractually required to comply with it.
Any organisation that stores or transmits payment or Cardholder Data (CHD) or Sensitive Authentication Data (SAD), regardless of the size or industry, must obtain PCI DSS attestation in order to operate. No ‘ifs’, and no ‘buts’, it is a must.

PCI COMPLIANCE REQUIREMENTS
To become PCI DSS attested, organisations must engage a Qualified Security Assessor Company (QSAC), who can assist with the yearly PCI DSS attestation. Loop Secure is a Qualified Security Assessor and can help you gain this necessary attestation.
The PCI compliance requirements are as follows:
Build and Maintain a Secure Network and Systems
- Install and Maintain Security Controls.
- Apply Secure Configurations to All System Components.
Protect Account Data
- Protect Stored Account Data.
- Protect Cardholder Data with Strong Cryptography During Transmission Over Open, Public Networks.
Maintain a Vulnerability Management Program
- Protect All Systems and Networks from Malicious Software.
- Develop and Maintain Secure Systems and Software.
Implement Strong Access Control Measures
- Restrict Access to System Components and Cardholder Data by Business Need to Know.
- Identify Users and Authenticate Access to System Components.
- Restrict Physical Access to Cardholder Data.
Regularly Monitor and Test Networks
- Log and Monitor All Access to System Components and Cardholder Data.
- Test Security of Systems and Networks Regularly.
Maintain an Information Security Policy
- Support Information Security with Organisational Policies and Programs.

LOOP SECURE IS CERTIFIED AND VERIFIED
SAFEGUARD YOUR ORGANISATION'S REPUTATION BY ENSURING THAT YOU'RE PCI COMPLIANT
When running your organisation, the safety and security of your customers' sensitive information and data should be paramount, especially regarding payments.
Depending on the number of transactions processed per year and the transaction methods used, you'll require a particular level of PCI compliance. PCI DSS validation and attestation provide assurance that you safely and securely accept, store, process, and transmit cardholder data, whether customers pay in-store or online (e-commerce transactions) using a credit or debit card.
Loop Secure manages all your PCI compliance needs to ensure peace of mind. As a Qualified Security Assessor (QSA), we validate your environment against the PCI DSS compliance level that applies to you. We also deliver onsite pre-audit health checks to identify and rectify any compliance gaps before your PCI DSS attestation audit.
Finally, if you've recently failed a PCI DSS attestation audit, Loop's QSA-certified consultants can assist in remediating any PCI DSS controls and advise on the steps necessary to meet compliance requirements. Loop also provides services that help our customers properly implement a PCI DSS compliant environment.
With your PCI compliance handled by Loop Secure, you’re taking care of your security posture, avoiding fines and downtime, and maintaining the trust of your customers.
A PCI COMPLIANCE SERVICE THAT WON’T LET YOU DROP THE BALL
Companies currently managing the burden of compliance with the PCI standard understand the challenge that the annual workload places on employees at audit time. The productivity drain on staff, coupled with the direct costs of remediating non-compliant controls at the last minute, combine to produce compliance fatigue.
Loop Secure has developed an innovative PCI compliance service that delivers continual compliance against PCI DSS. We make it easy: the PCI DSS environment is validated for compliance throughout the year, and we provide an attestation of compliance to the PCI DSS Standard, which you can use to assure customers that you apply the strongest security when processing their payments or handling their data.
From initial review and gap analysis to formal PCI DSS attestation, our experienced consultants can guide you through the whole attestation process. For organisations working towards the PCI standard, holding a PCI attestation gives customers confidence that they can trust you with their credit card payments, without needing to worry about the security of their data.
From customers to merchants and financial institutions, cardholder data security affects everybody. Preserve your customer trust, ensure compliance, and benefit your organisation long-term with Loop’s PCI Continual Compliance Service.

RESOURCE
PCI DSS V4.0 - The most inclusive PCI DSS Standard ever?

FAQS
WHAT IS PCI COMPLIANCE?
PCI DSS compliance is a contractual requirement, mandated by the contracts that merchants sign with card brands and their banks. Every organisation that stores or transmits cardholder data, regardless of size or industry, must comply with the PCI DSS Standard and demonstrate compliance every year in order to provide card-based payment services to customers.
How Do I Get PCI Compliant?
To become recognised as a PCI-compliant organisation, an assessment must be performed every year and the organisation must be attested as compliant with the PCI DSS standard. To get attested, you must engage the PCI compliance services of a Qualified Security Assessor (QSA) like Loop Secure.
There are several requirements an organisation needs to meet in order to achieve attestation, documented in the PCI DSS Standard published on the PCI Security Standards Council's official website. These requirements are grouped under the following goals:
Build and Maintain a Secure Network and Systems
Protect Account Data
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy
What Happens If You Are Not PCI Compliant?
If your organisation transmits or stores Cardholder Data (CHD) or Sensitive Authentication Data (SAD), you must obtain PCI compliance attestation.
If you are not PCI DSS compliant, your bank or the payment brands (Visa, MasterCard, Amex, Discover Financial Services, JCB International and UnionPay) could impose financial penalties for non-compliance with the PCI DSS standard.
If an organisation is not compliant and a breach involving cardholder data occurs, the organisation would incur severe financial penalties and would be required to meet stringent requirements to comply with the standard and report its compliance.
Can cardholder data be stored?
Cardholder Data (CHD) can be stored and transmitted by organisations so long as they comply with all 12 PCI DSS compliance requirements and have obtained attestation to confirm that they are operating in compliance.
What is within the scope of a PCI DSS assessment?
All the people, process and technology components used to provide card-based payments, whether directly or through online methods such as e-commerce, constitute the Cardholder Data Environment (CDE) and are within the scope of an organisation's PCI DSS assessment. Scoping the PCI DSS environment correctly is critical to ensuring that every system, process and person involved in handling or facilitating card-based transactions is included in the organisation's PCI DSS assessment scope. Always engage a QSA to assist with validating the PCI DSS scope.