Mandem offers a range of comprehensive, customized PCI compliance solutions that objectively match each requirement to identify a possible solution for your company. In addition, we provide pre-assessments in (PCI-DSS and PC-DSS), remediation, program development, penetration testing, and code review services that help companies address specific areas of PCI compliance and common practice. Before undergoing a “real” PCI Audit, Mandem Inc. can perform pre-assessments to determine if you are ready. Customers often use this approach to help identify areas needing remediation. With our substantial experience, toolsets, and range of services, Mandem can perform remediation work as well. You will benefit from an accelerated and more streamlined “real” assessment process.

Who Must Comply?

Any company that processes, stores, or transmits credit card data must comply with the PCI Data Security Standard. PCI has grouped companies by their types as well as how many transactions they process. Using these groupings, the PCI has assigned levels, from largest (Level I) to smallest (Level IV). Merchants are companies that conduct business, either online or in traditional “brick-and-mortar” fashion. Service providers (and payment gateways) are companies that facilitate transactions on behalf of merchants and acquiring banks. Based on their level, a company must perform a series of tasks to substantiate its compliance with PCI. The following table summarizes these tasks.

PCI Data Security Standards

Regardless of transaction volume and the steps required to demonstrate compliance, all companies must adhere to the PCI Data Security Standard (PCI-DSS). The following table summarizes key provisions of these standards.