AROBS Transilvania Software


PCI Compliance is mandatory for merchants and sellers who process payments

As technology evolves, so does the number of data breaches. Security is a key factor in the relationship between businesses and their customers, which is why customers are less likely to choose services that cannot assure the protection of their data.


According to IBM®, businesses that are not PCI compliant risk paying up to $4 million after a data breach. Data breaches are still the most dangerous risk businesses face in terms of data security. The cost of a breach can differ greatly from one organization to another.


By achieving PCI DSS compliance, a company gives its users an external guarantee that their information will be handled securely. A Verizon report shows that in 2016, 55.4% of organizations were PCI compliant at interim assessment. Still, the number of companies failing their interim assessment had grown.


“Indeed, no organization affected by payment card data breaches was found to be in full compliance with the PCI DSS during a subsequent Verizon PCI forensic investigator (PFI) inquiry,” states the Verizon report.


PCI Compliance Expertise



The EU Commission has standardized that if you process sensitive cardholder data or sensitive authentication data on your website, you must secure it. VISA, Mastercard, American Express, JCB and Discover require businesses to be PCI compliant.


PCI compliance is a long-term responsibility, and businesses should develop a strategy for treating and mitigating cyber security risks. It is also important for businesses to develop an incident response plan.


Our experts offer consultancy to businesses that want to become PCI compliant, giving clear guidance and preparing the business for an audit. Our team analyzes the platform and the services and provides regular updates.


Once the business goes through the audit and receives the directions that must be implemented, our experts help the business implement them.


We build and adjust architectures that meet our customers' requirements. With extensive expertise in building and maintaining existing architectures suitable for PCI compliance, we have helped four large customers from the Travel and Hospitality industry become compliant. Find out more about our expertise in the Travel and Hospitality industry.


What are the PCI DSS Standards?


Our goal is to help the customers we work with become PCI compliant as soon as possible. Sometimes the process can last for over a year, which is why it is important to start developing a strategy that addresses all the PCI DSS standards. The following steps mirror the best practices businesses need to adopt in order to become compliant. AROBS experts have extensive expertise in implementing these practices.


1. Build and Maintain a Secure Network

  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters

2. Protect Cardholder Data

  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks

3. Maintain a Vulnerability Management Program

  • Use and regularly update anti-virus software or programs
  • Develop and maintain secure systems and applications

4. Implement Strong Access Control Measures

  • Restrict access to cardholder data by business need to know
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data

5. Regularly Monitor and Test Networks

  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes

6. Maintain an Information Security Policy

  • Maintain a policy that addresses information security for all personnel

When do Data Breaches occur?

  • When valuable data is stored.
  • When access is not controlled effectively.
  • When control management is insufficient.
  • When the controls become ineffective.
  • When compromises are not observed in time.

In order to develop a sustainable compliance program, our team needs to understand the key processes, the stakeholders and the relationships among them.


Thinking like a Hacker


Our team of experts includes a Certified Ethical Hacker who can give our customers insight into how a typical hacker thinks. Having a Certified Ethical Hacker in-house helps us anticipate potential data breaches so that damage can be prevented and the costs of an attack avoided. The approach changes and becomes clearer. An ethical hacker uses penetration testing techniques to access networks and computer systems with the purpose of finding and fixing existing security vulnerabilities.


Such insight allows our expert to work objectively with vulnerabilities, observing them before a hacker does.


What benefits do businesses have working with an Ethical Hacker?


  • They can develop and build systems that prevent hacker access, and security systems that protect information
  • They can build preventive strategies and measures that will help you avoid security breaches
  • They can secure user and customer information used in business transactions
  • They can test the network regularly
  • They create higher security awareness

It is fundamental that businesses understand how each stage of the control lifecycle influences the processes, operational efficiency, and effectiveness of security controls.


If you intend to become PCI compliant, schedule a discussion with Andrei Schiop, Business Development Manager; he will guide you through the process and provide more information about how your business can become more secure and PCI compliant.