PCI DSS Audits

Merchants who accept payment cards from Visa, MasterCard, Discover, and American Express must comply with the Payment Card Industry Data Security Standard, commonly known as PCI DSS. This stringent framework is designed to safeguard the personal payment data of customers when it’s stored, processed, and transmitted by the companies they do business with.

The PCI DSS requires self-assessment of compliance and may require an independent audit and periodic security scans depending on the volume of your cardholder transactions. Moss Adams can help.

PCI DSS validation. We can provide you with an independent Report on Compliance and Attestation of Compliance that your organization can submit to an acquirer.

Vulnerability assessment scans. As one of about 100 Approved Scanning Vendors worldwide, we can perform the required quarterly vulnerability assessment scans, as well as penetration tests, on your Internet-facing systems.

PCI-compliant penetration testing. This annual network- and application-level test determines whether systems and devices connected to the Internet have vulnerabilities that can be used to access cardholder data.

PCI DSS Self-Assessment Questionnaire assistance. This review assesses a merchant or service provider’s compliance with the security controls listed in the PCI Self-Assessment Questionnaire and provides recommendations for fixing any deficiencies identified.

PCI DSS remediation. We can help you carry out remediation actions to close identified compliance gaps.

IT control integration and optimization. Many organizations focus their compliance or information security efforts on one or several specific mandates or compliance requirements in addition to PCI requirements. For example, your organization may be subject to SOX, HIPAA, or other compliance standards or have adopted ISO 27001/27002 or COBIT frameworks for internal security programs. We can help you achieve cost savings and increase the effectiveness of these efforts by integrating an internal control system or optimizing controls across multiple compliance requirements.


Baker Tilly US, LLP, Baker Tilly Advisory Group, LP and Moss Adams LLP and their affiliated entities operate under an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable laws, regulations and professional standards. Baker Tilly Advisory Group, LP and its subsidiaries, and Baker Tilly US, LLP and its affiliated entities, trading as Baker Tilly, are members of the global network of Baker Tilly International Ltd., the members of which are separate and independent legal entities. Baker Tilly US, LLP and Moss Adams LLP are licensed CPA firms that provide assurance services to their clients. Baker Tilly Advisory Group, LP and its subsidiary entities provide tax and consulting services to their clients and are not licensed CPA firms. ISO certification services offered through Moss Adams Certifications LLC. Investment advisory offered through either Moss Adams Wealth Advisors LLC or Baker Tilly Wealth Management, LLC.