0Tolerance can assist with PCI Compliance QSA services. 0Tolerance is a listed Payment Card Industry (PCI) Qualified Security Assessor (QSA), meaning we are approved and listed with the PCI Security Standards Council (SSC) to perform QSA engagements for your organization.

What Is PCI DSS

The PCI Data Security Standard (PCI DSS) is a set of security standards that were developed by the PCI SSC to protect cardholder data. It applies to any organization that stores, processes, or transmits cardholder data, regardless of the size or number of transactions.

The PCI DSS is important because it helps organizations protect against data breaches and cyber-attacks that can result in the loss or theft of sensitive cardholder data. This includes personal information such as credit card numbers, expiration dates, and security codes. By following the PCI DSS, organizations can reduce the risk of data breaches and protect themselves and their customers from financial losses and damage to their reputation.

The PCI DSS protects cardholder data by requiring organizations to implement a set of security controls and best practices. Organizations must also perform regular self-assessments or third-party audits to ensure that their security controls are effective and that they are complying with the PCI DSS.

PCI Service Provider Requirements

In the context of the PCI DSS, service providers are organizations that provide services to other organizations that handle cardholder data. Examples of service providers include payment processors, hosting providers, and managed service providers. Service Providers can be either Level 1 or Level 2. All Level 1 Service Providers must undergo a third-party QSA-audit annually. Level 2 Service Providers have options for a third-party QSA-audit or the Self-Assessment Questionnaire Type D for Service Providers.

All Service Providers must undergo a full annual pen test, a second annual pen test for segmentation testing purposes (6 months from the full test), PCI ASV external vulnerability scanning, and internal vulnerability scanning.

PCI Merchant Requirements

Merchants, on the other hand, are organizations that accept credit and debit card payments from customers. They are responsible for ensuring that their payment systems are PCI DSS compliant. There are four levels of merchants based on transaction volume and how cards are accepted, ranging from Levels 1 through 4. Level 1 Merchants must undergo a third-party audit. Level 2 Merchants sometimes have third-party and self-assessment options. Levels 3 to 4 generally self-assess.

Merchant PCI ASV External Scanning Requirements:

Level 1 Merchants

Level 2-4 Merchants completing SAQ Types A-EP, B-IP, C, or D

Merchant PCI Internal Vulnerability Scanning Requirements:

Level 1 Merchants

Level 2-4 Merchants completing SAQ Types C or D

Merchant PCI Penetration Testing Requirements:

Level 2-4 Merchants completing SAQ Type A-EP must undergo external network penetration and internal network segmentation testing.

Level 2-4 Merchants completing SAQ Type B-IP must undergo internal network segmentation testing.

Level 2-4 Merchants completing SAQ Type C must undergo internal network segmentation testing.

Level 2-4 Merchants completing SAQ Type C-VT must undergo internal network segmentation testing.

Level 2-4 Merchants completing SAQ Type D must undergo external network pen testing, full internal network pen testing, and internal network segmentation testing.

QSA Services For Merchants And Service Providers

We perform the following engagements

Level 1 Compliance Assessments (Report on Compliance)
Level 2 Compliance Assessments (Assisted SAQ)
Gap, Risk and Readiness Assessments

PCI Penetration Testing

0Tolerance performs penetration testing and segmentation testing for PCI purposes.

External network and application pen testing
Internal network pen testing
Segmentation testing

PCI Approved Scanning Vendor

0Tolerance offers an industry-leading ASV solution that has been customized to our needs for your benefit.

External vulnerability scans for ASV purposes
Attestations of Scan Compliance (AoSC) and Seals
Complete the Self-Assessment Questionnaire(s) Online

We Help You Avoid Costly Payment Card Breaches