“Our clients place great trust and faith in us to properly and securely protect their customers’ credit card and purchasing data, and this is a responsibility we take very seriously,” said Mark Fichera, CEO, OnBrand24. “With the security breaches that have taken place at Target, Home Depot and, more recently, a potential breach at Staples, it’s important that we take every measure possible to ensure that customer data is handled in the most secure manner. This is a critically important aspect of customer service.”
The PCI Data Security Standard has been mandated by major credit card providers, and protects cardholder data. To achieve PCI compliance, all members, merchants and service providers, including call centers, must adhere to the Payment Card Industry (PCI) Data Security Standard (DSS), which offers a single approach to safeguarding sensitive data for all card brands.
CompliancePoint’s PCI certification engagement focuses on assessment, remediation, and certification of companies’ information and network security. CompliancePoint’s collaborative approach aligns the organization’s individual business units with their technology needs according to the PCI Security Audit and Reporting Procedures.
It’s critically important to ensure that call center service providers meet all federal and state requirements. CompliancePoint's team of experts visited OnBrand24 facilities and performed an audit to ensure our practices meet all PCI DSS requirements.
CompliancePoint's auditors performed a comprehensive analysis that included interviews, document and record reviews, and data analysis. OnBrand24 was provided a detailed report outlining:
- CompliancePoint's findings
- Risk levels associated with any gaps identified during the audit
- Recommendations to close any gaps identified
Below are key activities, deliverables, and milestones for ensuring PCI DSS compliance and certification:
Phase 1: Project Definition and Scope
- Executive view of all 12 core PCI DSS standards necessary for meeting compliance
- Executive view of CompliancePoint’s PCI DSS offering, approach and deliverables
- Definition of key personnel and project timeline and milestones
Phase 2: Gap Analysis
- Review and analysis of current policies, procedures, and initiatives throughout the organization
- Analysis of debit/credit (i.e., payment) transaction environment
- Identification and analysis of all significant third-party outsourcers and managed service providers used by the organization
- Create Gap Analysis report
Phase 3: Remediation, Consultation & Implementation
- Joint review of the PCI DSS Gap Analysis findings and recommendations
- Create remediation and implementation project plan
- Organizational remediation of identified deficiencies or issues regarding PCI DSS compliance
Phase 4: Assessment and Reporting
- Assessment of organization’s PCI DSS compliance
- Generation of Report on Compliance
- Issue PCI DSS v2.0 Compliance Certificate
- Submission of Report on Compliance to applicable card brands and acquirers
Additional Services:
- Policy and procedure development
- Internal vulnerability and penetration testing
- Quarterly Network Vulnerability Scans by a certified PCI ASV (ControlScan)
- Technical Remediation and Consulting, CISO On-Demand
Mark Fichera, CEO
OnBrand24
Beverly, Massachusetts (headquarters)
Portsmouth, NH
Savannah, GA