PCI DSS

If your company accepts or processes payment cards, the Payment Card Industry Data Security Standard (PCI DSS) applies to you. For companies that store, process, transmit or could affect the security of cardholder data, Weaver conducts data security assessments and assists in complying with stringent PCI DSS standards.

Featured

Trending
Insights & Resources

Article

From Reactive to Resilient: What Cyber Insurance Trends Reveal About Cybersecurity Maturity

Cyber insurers are raising the bar on security. Learn what underwriting trends reveal about organizational resilience and how leaders can prepare.

Webinar

PCI Roadmap: Notable Roadblocks and Potholes | Webinar

During this on-demand session, we discuss near-universal concerns when implementing the 2025 requirements, pain points becoming more common with legacy requirements and more.

Webinar

AI in Cybersecurity: Hype, Hope and Hard Truths | Webinar

This on-demand session explores meaningful use cases for AI in Cybersecurity, and more broadly, our work approach, while not losing sight of the risks we need to be mindful of along the way.

Article

When Ghost Students Target Financial Aid Systems

Colleges face rising fraud from “ghost students.” Learn how to detect fake enrollments, strengthen controls and protect aid funds.

Webinar

Cloud Security: Old Problems, New Threats and What Still Needs Fixing | Webinar

This on-demand session explores the evolving landscape of cloud security by highlighting both persistent foundational risks and emerging threats.

Webinar

Privacy Foundations: A Fireside Chat on Frameworks and First Steps | Webinar

During this on-demand session, we explore how organizations new to privacy can build a strong foundation using proven frameworks like the NIST Privacy Framework and ISO 27701.

Explore all insights

Our Qualified Security Assessors (QSA) can ensure that your organization meets and adheres to the following PCI DSS goals and requirements:

Build and maintain a secure network and systems using firewalls to protect cardholder data, and ensure that vendor-supplied defaults for system passwords and other security parameters are not used.
Protect cardholder data and encrypt its transmission across open, public networks.
Maintain a vulnerability management program with secure systems and applications, plus regular updates to anti-virus software and programs.
Implement strong access control measures by restricting access to cardholder data (both electronic and physical) on a “need to know” basis.
Regularly monitor and test networks and track all access to cardholder data.
Maintain an information security policy that addresses information security for all personnel.

Why comply? And why engage a QSA?

All merchants that accept credit card payments are required to comply with the DSS, even if they have outsourced payment processing. Engaging a QSA can help ensure your company stays in accordance with the contracted terms of your acquirer.
Third-party providers of certain services to merchants may need to assess their own compliance with DSS in order to provide those merchants assurance with regard to the outsourced services.
Compliance with the DSS establishes a solid baseline for security practices as it relates to the cardholder data environment (CDE). The DSS aligns well with other security standards (e.g. ISO 27001, NIST SP 800-53) and can easily be extrapolated across the rest of your organization.

Visit the PCI DSS website for more information on the goals and requirements.

Meet the team

Our leaders

David Friedenberg

Director, IT Advisory Services

Brian Thomas

National Practice Leader, Advisory Services

PCI DSS

Trending Insights & Resources

Our Qualified Security Assessors (QSA) can ensure that your organization meets and adheres to the following PCI DSS goals and requirements:

Why comply? And why engage a QSA?

Our leaders

Trending
Insights & Resources