Governance, Risk and Security Compliance management: Preserving business revenue and brand reputation

Accepting payments by credit and debit card automatically brings with it the need to adhere to strict Payment Card Industry (PCI) compliance procedures. Many large member organisations and companies are not compliant and face substantial fines for breaches, enforced through their merchant contracts. From October 2009 the payment card industry will impose fines on merchants who are not compliant even if no actual breach of security has occurred.

F2X assists organisations in navigating the multitude of contractual, legislative and regulatory requirements to ensure compliance with internal and external standards. All organisations have an obligation to provide adequate protection for customer and business information. The difficulty is in determining what is ‘adequate’: the various standards and laws contain only high-level requirements and are not prescriptive about detailed protection mechanisms.

F2X has experience of guiding clients through the requirements of these sometimes conflicting standards, including the following:-

  • PCI Data Security Standard (DSS)
  • Data Protection Act
  • ISO 27001 (International Security Standard)
  • Human Rights Act
  • Sarbanes-Oxley Act
  • Computer Misuse Act

Focus on PCI Compliance

Fraud committed using stolen credit card details has increased dramatically in recent years, and the majority of losses are enabled by inadequate security measures on the IT systems that process online card payments. In response, the PCI security standard was formed and mandated in 2001. The PCI standard provides a well-defined list of security requirements, but many organisations are left with more questions than answers when it comes to determining how best to address each requirement in a manner that is considered acceptable to gain compliance.

F2X advises clients on all aspects of PCI compliance, and on how a compliance programme integrates with a comprehensive Information Governance framework.

Top 10 things to know about PCI Compliance

5 facts:-

  1. PCI DSS applies to all entities that process or store credit card information
  2. Compliance with PCI is mandatory, with penalties for non-compliance
  3. Penalties include fines, director liability and removal of the ability to process credit cards
  4. There have been several high-profile breaches involving hundreds of thousands of credit card details
  5. PCI requirements are standard security controls that should already be present (not additional)

5 myths:-

  1. PCI can be ‘fixed’ with a single technology solution
  2. PCI compliance is primarily an IT problem
  3. PCI is a one-time project
  4. PCI does not include paper records
  5. PCI will go away in the future

PCI: What can F2X offer?

F2X PCI - Interactive PDF

Typical Client

UK based membership organisation achieves PCI compliance:

With more than 100,000 members and approaching half a million credit card transactions annually, this UK membership organisation needed to ensure its processes were PCI compliant in order to reduce risk and liability. F2X began with a detailed risk review and produced a framework and roadmap to deliver PCI compliance through a structured 12-month programme. Working extensively with internal and external client teams, F2X delivered demonstrable compliance in all areas of the PCI requirements. Through risk assessment, structured remediation activities and regular compliance audits, F2X achieved a significant improvement not only in the level of compliance with PCI DSS but also in the overall level of information security management throughout the organisation. F2X formulated the strategy, shaped the direction and delivered results for this major UK membership organisation.