The Payment Card Industry (PCI) Data Security Standard was established by the credit card companies to create a unified security standard for handling credit card information. PCI governs the safekeeping of cardholder information throughout the transaction process and applies to any and all entities, whether merchant or service provider that store, process or transmit cardholder account and/or transaction information.

Credit card vendors enforce the standard with severe financial penalties for non-compliance and/or revoking the ability to process credit card transactions.

OSP Global (now ControlCase) is an authorized vendor for providing PCI certification services for North America and the Asia-Pacific, or APAC, region. Our compliance services relating to PCI provides value-add to any organization involved within the flow of sensitive cardholder information. This includes merchants accepting any form of card payment, payment gateways or processors, service providers such as hosting sites, offsite backup services, fraud screening providers, software providers and acquiring banks. Our staff consists of highly proficient security, risk and compliance professionals who maintain the highest industry standards. We offer two categories of services:

1. Acquirer services
2. Service provider and merchant services

Acquirer Services

OSP Global (now ControlCase) assists acquirers in meeting compliance requirements to their respective card scheme. Compliance validation for service providers (all levels) and merchants (level 4 excluded) is mandated for no later than 30 June 2005.

These large scale compliance programs are facilitated via ControlCase GRC, our compliance management software solution, and combined with our acquirer compliance management services.

Responsibility has been placed on the acquirer for ensuring compliance of their respective service providers and merchants and as such, the acquirer may incur financial penalties following data compromise through a non-compliant service provider, processor, gateway or merchant.

^Top

Service Provider and Merchant Services

We offer the following services to credit card services providers and merchants:

• Pre-compliance services
• Remediation services
• Compliance Assessment:
  • Self Assessment Questionnaire (SAQ) - The SAQ is answered by the customer. The customer technical contact may be required to contact members of their own organizational departments to answer questions that belong to their domain.
  • Scanning services/Remote Vulnerability Assessments - A testing coordinator performs the vulnerability test remotely. The scan is launched at a time convenient for you, during business hours.
• Onsite assessments (report on compliance delivery) - With the self-assessment and remote vulnerability scan results in hand, our security assessor(s) arrange to visit the customer’s operations and data centers to validate the assessment information collected and observe operating procedures and structures. The assessment includes an internal vulnerability assessment, review of in-house procedures, observation of physical security and controls as well as interview management.

^Top

For more information about our PCI certification services please e-mail us at services@controlcase.com.