Our Security Services for PCI provide a comprehensive set of services to assist banks, processors, payment service providers and merchants in achieving compliance with the PCI-DSS requirements. The proven TÜV SÜD methodology and the delivery of services are divided into stages to assist the customer in achieving compliance. During these stages, we provide the customer with mandatory and optional services so that compliance can be achieved in an efficient and timely manner. These stages are:
Education and Assessment Preparation: To help customers understand the focus of PCI-DSS and define the scope of relevant areas, we provide detailed information and training that improve the awareness and understanding of management and the staff members involved.
Compliance Advisory and Support: During this stage, weaknesses and deviations from the PCI-DSS requirements are identified. For customers who have not undergone a PCI validation in the past, we recommend this phase or parts of it to highlight areas of non-compliance and prioritize the respective remediation actions.
Vulnerability Scanning Services: The PCI-DSS requires that vulnerability scans be performed on a regular basis. The scan detects vulnerabilities on the external-facing IP addresses of the customers’ network infrastructures to help identify gaps and improve external security.
Assessment Services: A review according to the PCI Security Audit Procedures is conducted by our auditors together with the customer's responsible staff during an onsite visit. This review addresses processes and procedures, physical and logical security, documentation and security management.