SecurityMetrics PCI solution testimonials from real businesses like yours.
Many businesses have experienced difficulty understanding what to do to reach compliance with the PCI DSS. Consumer payment data is in the hands of many small and medium-sized businesses that fail to understand why or how they should secure their networks from data theft and fraud.
With hacking and cybercrime on the rise, credit card data security mandates are more important than ever.
The following are case studies for SecurityMetrics’ PCI DSS compliance solutions that outline the various ways SecurityMetrics was able to help organizations reach full PCI DSS compliance.
Case Study: Christian Brothers Automotive
Christian Brothers Automotive cares about every customer that comes into their shop. They also care about keeping their customers’ data safe. With many locations across the nation, keeping a level of security and compliance can be difficult. Christian Brothers Automotive found a security and compliance expert to help them achieve their goals for all locations and ensure their brand stays strong.
“SecurityMetrics has been a great partner in helping Christian Brothers Automotive continue to keep our customer information private and secure.” —David Domine, Director of Training
Challenges you faced with PCI compliance
- We needed to reduce our risk of exposure should data be compromised.
- We needed to achieve a reasonable level of due diligence to keep our customer data safe.
- We needed to make sure all of our stores were providing the same level of security.
Resolving challenges with SecurityMetrics
- SecurityMetrics was able to put all of our stores under one main enterprise account.
- SecurityMetrics allowed us to customize our account set up to increase success.
- SecurityMetrics is able to provide phone and email support for stores that are experiencing issues completing the PCI Self-Assessment Questionnaire (SAQ).
Goals achieved working with SecurityMetrics
- Increased security across all stores
- Maintained strong brand identity by having a security focus
- All stores reached and maintained PCI DSS compliance
Case Study: Transactis
Transactis is a secure electronic billing and payment solution for businesses of all sizes. An aspect of being secure is complying with the Payment Card Industry Data Security Standard (PCI DSS), which includes an annual onsite audit by a Qualified Security Assessor (QSA). The problem their Chief Compliance Officer, John Norment, faced was finding a QSA that could meet deadlines and communicate clearly.
“SecurityMetrics really came through for us. They picked up the ball that had been seriously dropped by our prior QSA. They were very responsive to our time-sensitive needs. Their personnel were very knowledgeable, professional, and communicated and planned effectively. They accomplished the assessment on time. Thanks to their expertise, we have an even deeper and more comprehensive assurance of our security.” —John Norment, Chief Compliance Officer
Challenges you faced with PCI compliance
- Previous QSA established schedules/timelines, which they failed to meet. Even more challenging was their assurance that they would meet the new (delayed) timelines, which they also failed to meet, which resulted in us missing certain deadlines relating to our PCI Compliant status and their failure to meet their contractual obligations.
- Previous QSA’s project manager failed to communicate exactly what was required of us, created an audit schedule that they did not follow, and provided inaccurate updates on status of our Report on Compliance.
- Previous QSA contracted with us to be a subject matter expert throughout the year to help us to be and maintain our PCI compliance. However, due to undisclosed personnel issues within the QSA, they were unable to meet their commitments.
Resolving challenges with SecurityMetrics
- SecurityMetrics clearly communicated the schedule, where we were in the process, what was needed from us to keep progressing, and expectations of when each task would be completed.
- SecurityMetrics clearly communicated the evidence, diagrams, policies and procedures, and deliverables we needed to provide to make the audit go more smoothly.
- SecurityMetrics QSA conducted a more thorough assessment than our previous QSA, and had a better understanding of PCI scope, requirements, compensating controls, and security in general.
Goals achieved working with SecurityMetrics
- Able to get senior management buy-in to accelerated actions to ensure security and compliance.
- Received a completed Report on Compliance in advance of our extension date.
- Assurance that we have a secure cardholder data environment.
- Have an even deeper understanding of PCI and how it applies to our business.
- Found a true ongoing partner in security and compliance, not just an auditor.
- Demonstrated that with proper personnel and commitment, the Report could be done in the time required by us, in contradiction to the previous QSA that refused to commit to any definite timeline.