Bizdrone

PCI-DSS v4.0 Assessment

PCI-DSS v4.0 compliance is mandatory for every organisation that stores, processes or transmits cardholder data. Non-compliance risks losing the right to accept card payments. Our QSA-aligned team takes you from gap analysis to Report on Compliance — covering all 12 requirements and 300+ sub-requirements for your merchant level.

  • PCI-DSS v4.0 gap assessment across all 12 requirements and 300+ sub-requirements.
  • SAQ guidance for smaller merchants and full RoC support for Level 1 merchants.
  • Network segmentation verification and cardholder data environment scoping.
  • VAPT of your CDE included — required by PCI-DSS Requirement 11.

  • PCI-DSS version: 4
  • Core requirements: 12
  • Sub-requirements: 300
  • Transparent fixed pricing: 100 percent

What Our PCI-DSS Programme Delivers

End-to-end PCI-DSS v4.0 compliance -- scope definition, gap assessment, SAQ guidance, the required penetration test of your CDE, and Report on Compliance preparation for all merchant levels.

CDE Scoping

Cardholder data environment scoping to minimise your compliance surface. Data flow mapping to identify all in-scope systems and scope reduction opportunities.

Gap Assessment

Assessment of all 12 PCI-DSS v4.0 requirements and 300+ sub-requirements. Prioritised remediation roadmap with effort and timeline estimates.

SAQ Guidance

SAQ type selection and completion for smaller merchants. SAQ A, A-EP, B, B-IP, C, C-VT, D and P2PE all in scope based on your integration model.

Required VAPT (Req 11)

PCI-DSS Requirement 11 mandates annual penetration testing of your CDE. Our OSCP-certified testers conduct the required internal and external penetration tests.

Network Segmentation Verification

Verification that your CDE is properly segmented from out-of-scope systems -- required by PCI-DSS and critical for reducing your compliance scope and cost.

Report on Compliance

Full RoC preparation for Level 1 merchants. QSA auditor liaison and exception response management throughout your certification process.

Our PCI-DSS Compliance Methodology

  • Cardholder Data Discovery & Scoping

    Automated and manual discovery of all cardholder data across your environment -- including data you did not know you held. CDE scope defined and network segmentation validated before assessment begins.

  • All 12 Requirements Assessment

    Full assessment against all 12 PCI DSS v4.0 requirements -- network security, configuration standards, cardholder data protection, cryptography, access control, monitoring and security testing.

  • SAQ or RoC Preparation

    Self-Assessment Questionnaire completed for merchants Level 2-4. Report on Compliance support for Level 1 merchants requiring QSA audit. Evidence packages prepared for acquiring bank submission.

  • Remediation & Compliance Validation

    Actionable remediation for every non-compliant finding. After remediation we re-validate all controls and provide your Attestation of Compliance document for submission to your acquiring bank.

Other Compliance & Audit Services

ISO 27001 Audit

Gap to certification by ISO 27001 Lead Auditor professionals. 40+ policies drafted.

SOC 2 Compliance

Type I and Type II, from readiness assessment through to the final report, for US and EU enterprise contracts.

HIPAA Compliance

Risk analysis and safeguard implementation for healthcare organisations handling PHI.

GDPR Compliance

Data mapping, DPIA, privacy notices and breach response for EU data processing.

DPDPA Compliance

Full programme for India DPDPA 2023. Gap to compliance in 6 weeks.

Why PCI DSS Compliance Is Non-Negotiable for Payment Businesses

Any organisation that processes, stores or transmits cardholder data is required to comply with PCI DSS. Non-compliance results in fines of USD 5,000 to USD 100,000 per month from your acquiring bank, plus liability for all fraudulent transactions in the event of a breach. Our QSA-aligned professionals take you from gap to compliant.


QSA-Aligned Assessment

Every PCI DSS engagement aligned to Qualified Security Assessor methodology -- the same standard your QSA audit will apply at Level 1.

Cardholder Data Discovery

We locate all cardholder data across your environment -- including data you did not know you held -- before your assessment scope is defined.

Network Segmentation Testing

We validate that your cardholder data environment is properly segmented from the rest of your network -- a common and expensive audit failure point.

SAQ and RoC Preparation

Self-Assessment Questionnaire for Levels 2-4 and Report on Compliance support for Level 1 merchants. Evidence packages prepared for acquiring banks.

All Card Brands Covered

Assessments valid for Visa, Mastercard, Amex, Discover and UnionPay. Your attestation of compliance covers all major card brand requirements.

Acquiring Bank Accepted

Our PCI DSS compliance deliverables are accepted by all major Indian and international acquiring banks. 100 percent submission acceptance record.


The Cost of PCI DSS Non-Compliance

PCI DSS non-compliance fines range from USD 5,000 to USD 100,000 per month. In the event of a payment card breach, non-compliant organisations are liable for all fraudulent transactions, forensic investigation costs, and card replacement costs. The total liability can run to hundreds of crores.

  • Monthly fine for non-compliance: $100K
  • Average Indian breach cost: Rs 17.9 Cr
  • PCI DSS v4.0 requirements covered: 12
  • Audit pass rate for our clients: 100%

Frequently Asked Questions

What merchant level are we?

Your PCI-DSS merchant level is determined by the number of Visa and Mastercard transactions you process annually. Level 1 is over 6 million transactions and requires a QSA-led Report on Compliance. Levels 2 to 4 may complete a Self-Assessment Questionnaire. We help you determine your level and choose the right compliance path.

Does PCI-DSS apply if we use a payment gateway?

Using a payment gateway reduces but does not eliminate your obligations. Your scope depends on how you integrate. If you redirect entirely to a hosted payment page, your scope is minimal (SAQ A). If your checkout loads the payment form via iframe or your server touches card data in any way, your scope is broader.

Are your PCI-DSS deliverables accepted by acquiring banks and card brands?

Yes. Our PCI-DSS compliance deliverables — SAQs for Levels 2-4 and Report on Compliance for Level 1 — are accepted by all major Indian and international acquiring banks and by all five major card brands: Visa, Mastercard, Amex, Discover and UnionPay. We have a 100 percent submission acceptance record.

What is the penalty for PCI-DSS non-compliance?

Non-compliance fines from card brands range from USD 5,000 to USD 100,000 per month. More significantly, a breach in a non-compliant environment typically results in revocation of your right to accept card payments — which is existential for most e-commerce businesses.

What happens if we fail a PCI-DSS assessment finding?

Every gap finding includes a specific remediation recommendation with effort estimate and timeline. After you remediate, we re-validate the control before including it in your SAQ or RoC. For Level 1 merchants with a QSA audit, we prepare your non-conformity responses and attend the auditor fieldwork to manage the process on your behalf.

How often does PCI-DSS compliance need to be renewed?

PCI-DSS compliance requires annual re-assessment. The required penetration test (Requirement 11) must be conducted annually or after any significant infrastructure change. Your SAQ or RoC must be submitted to your acquiring bank annually. We offer annual PCI-DSS maintenance programmes to manage the renewal cycle efficiently.

Ready to Achieve PCI DSS Compliance?

Free 30-minute scoping call — fixed-price proposal within 24 hours. No commitment required.