Payment Card Industry Data Security Standards
PCI Standard council has developed Data Security Standards for organizations who stores, process and transmits the credit/debit card data. PCI DSS is not a legal requirement, it’s a contractual requirement between two businesses.
The world is going digitized day by day. Every business is accepting electronic payment. Cyber criminals are no where behind. To mitigate the cyber risk PCI Standard council has developed data security standard for credit/debit card processors, which is divided into 6 categories, 12 sub categories and total 280+ security controls.
PCI DSS Consultation & Services
PCI DSS v3.2.1 has total 280+ controls divided into 12 categories and total 6 requirement. Deployment of 280+ security controls may take up-to 6 months of time or even more depending on the size of the organization. Our team of PCI DSS Consultants have more than 35+ years of combined experience and helped more than 1500+ organizations to comply with PCI DSS standards.
About Exploit Hunters
Exploit Hunters is into the business of cyber security and privacy since 2016. We are the very first and only cyber security research and consultation company based in central India. We are part of Startup India. Govt of India's flagship scheme to promote startup culture in India.
We know cyber security and privacy sounds complex and at some point it is, but our consultants are known for their capabilities to make complex things easy for business people and help them understand the key needs.
Any business which stores, process or just transmit the credit/debit card data or any other financial information should comply with PCI DSS.
PCI DSS is not a legal requirement. It’s just a contractual requirement between two businesses. If you do not comply with PCI DSS then you may face fines or business sanctions as per the contract that you have signed.
On the basis of number of transaction PCI Standard Council has divided business into multiple categories which you may find on the official website of PCI standard council. There’s no complete exemption of security standards under PCI DSS.
First you need to deploy all the security controls mentioned under PCI DSS after couple of internal audits you may ask PCI QSA Auditor to perform audits and and if QSA finds everything up-to the mark they will issue a certificate for you.