Governance, Risk and Compliance


Payment Card Industry Data Security Standard (PCI DSS)

Cipher is a top-tier Payment Card Industry (PCI) Data Security Standard (DSS) Qualified Security Assessor (QSA) and PCI Approved Scanning Vendor (ASV).


The PCI Security Standards Council (SSC) created the PCI DSS in support of MasterCard, Discover, JCB, Visa and American Express in 2004. These financial titans understood the risk of improper payment card processing, transmission, and storage. Merchants and processors of credit card information must comply with the PCI DSS. The number of applicable requirements in the PCI DSS increases based on the size of the scope.
As the proven leader in PCI compliance with over a decade of PCI consulting experience, we have worked with merchants and service providers across all tiers. Our trusted advisors are knowledgeable on all PCI DSS requirements. 
Cipher can help you navigate the requirements, define the scope, identify ways to reduce the scope of PCI DSS, as well as assist you with defining the applicable requirements based on the scope. We are also able to provide formal assessments in order to comply with PCI DSS.
PCI DSS is not about endless paperwork; it is about the safety of highly sensitive cardholder data. Heavy fines can be imposed against a company that suffers a data breach and is found to be noncompliant. Companies can even be fined if they are found to be compliant after a breach, although the amount is typically less. If a payment card breach happens, your brand’s reputation will suffer. Complying with PCI DSS reduces the likelihood of breaches and the negative consequences.

Cipher PCI DSS Services help you:

Stay Compliant

Cipher helps companies comply with more than 250 PCI DSS standard requirements, all of which must be met to achieve compliance.

In addition to complying with what is specified in each requirement, it is necessary to maintain compliance during the 12-month period of the certification. Failure to maintain compliance or allowing your certification to lapse for extended periods of time could introduce the risk of suffering heavy fines and brand damage. In the case of multiple severe failures to safeguard cardholder data, companies could be disqualified from processing a brand of cards.

Keep Card Data Safe

Cipher understands the importance of PCI DSS as a measure to protect consumers.

The personal data that your customer sends to you is sensitive information and important to its owner. Failing to safeguard this data could result in negative consequences for your customers. Credit card information could be stolen, causing the consumer a headache. Even worse, the identity of your customers could be stolen. The harm to your customers will have an impact on their loyalty and your brand’s reputation.

Reduce PCI DSS Scope Through Outsourcing

Cipher can assist you with your compliance objectives by improving processes.

The size and complexity of your PCI DSS scope could make it more difficult to achieve compliance with PCI DSS. Limited resources and a lack of capability to effectively manage PCI DSS compliance continue to be among the biggest obstacles for most organizations. Engaging the services of a trusted advisor will effectively assist you with the deployment of a secure PCI DSS environment as well as with the development of a suitable strategy to manage your PCI DSS obligations. This support could save you from incurring unnecessary costs.

Approved Scanning Vendor (ASV)

Cipher provides ASV scanning you can trust.

Cipher specializes in the use of the necessary security services and tools to conduct vulnerability scans. The ASV scanning solution has been tested and approved by the PCI SSC. Cipher is a licensed approved scanning vendor, operating globally using a set of security services and tools which have been tested and approved. As a result, Cipher is listed on the PCI SSC’s list of approved scanning vendors.

PCI DSS Penetration Testing

Cipher provides qualified expert penetration testers that are world-class.

Cipher’s penetration testers are an elite team of technical experts capable of performing the required external and internal testing. Our team of penetration testers has been expertly trained to tailor its penetration testing activities to suit your specific PCI DSS scope and card environment. Cipher’s penetration testers will work with you to understand where weaknesses and vulnerabilities have been identified, how they can be exploited, and how to put the correct preventive or remedial measures in place to reduce the risk of those vulnerabilities being exploited by malicious individuals.

Qualified Security Assessor (QSA)

Cipher is your trusted QSA partner throughout your PCI DSS journey.

Cipher’s QSAs are expert assessors who are certified by the PCI SSC. Cipher’s QSA community will independently validate all applicable PCI DSS control requirements based on the technical and business information provided by a merchant or service provider in relation to the scope for PCI DSS. In addition to validating the scope of the assessments and all applicable requirements, the QSA will produce the report on compliance and Attestation of Compliance (AOC). Cipher’s QSAs also serve as valuable trusted advisors during the assessments.