PCI DSS Audits

Merchants who accept payment cards from Visa, MasterCard, Discover, and American Express must comply with the Payment Card Industry Data Security Standard, commonly known as PCI DSS. This stringent framework is designed to safeguard the personal payment data of customers when it’s stored, processed, and transmitted by the companies they do business with.

The PCI DSS requires self-assessment of compliance and may require an independent audit and periodic security scans depending on the volume of your cardholder transactions. Moss Adams can help.

PCI DSS validation. We can provide you with an independent Report on Compliance and Attestation on Compliance that your organization can submit to an acquirer.

Vulnerability assessment scans. As one of about 100 Approved Scanning Vendors worldwide, we can perform the quarterly required vulnerability assessment scans and penetration tests on your Internet-facing systems.

PCI-compliant penetration testing. This annual network- and application-level test determines whether systems and devices connected to the Internet have vulnerabilities that can be used to access cardholder data.

PCI DSS Self-Assessment Questionnaire assistance. This review assesses a merchant or service provider’s compliance with the security controls listed in the PCI Self-Assessment Questionnaire and provides recommendations for fixing any deficiencies identified.

PCI DSS remediation. We can help you carry out remediation actions to close identified compliance gaps.

IT control integration and optimization. Many organizations focus their compliance or information security efforts on one or several specific mandates or compliance requirements in addition to PCI requirements. For example, your organization may be subject to SOX, HIPAA, or other compliance standards or have adopted ISO 27001/27002 or COBIT frameworks for internal security programs. We can help you achieve cost savings and increase the effectiveness of these efforts by integrating an internal control system or optimizing controls across multiple compliance requirements.


Primary Contact