Introduction The new era of PCI Compliance is upon us. Our service is new to the Payments Industry and one that has a proven track record to radically transform how clients achieve and sustain PCI compliance. We are the ones that do We bring to the industry 3 key skills and experts that no other firm provide without an extortionate cost to you: Finance/Treasury Experts – Treasury MID Management tool PCI Lawyers - PCI Service Catalogue Technical Design Architects - PCI Compliance Our promise to you is very simple, we will make your organisation PCI Compliant in 12 months. Our key distinction is that we treat PCI compliance as a minimum requirement and set you up to reduce the likelihood of a breach occurring from your merchant ID through your payment channels to your payment suppliers. Due to the fact that we are Payment Compliance Architects, we are the first organisation that can categorically state that we can reduce the cost of your PCI compliance (CAPEX and OPEX) by 50% in 12 months. Our managed service provides you with our Technical Design Authority service, allowing us to review Payment channels, card data flow from merchant ID Acquisition, through the service providers you use, the products and services you use in your payment channels to the reporting of your payment channels to your Acquiring Bank’s PCI compliance team.
Our Selling Points 1
We are Payment Compliance Architects
2
We just don’t make you PCI compliant, we help you reduce the likelihood of a breach occurring
3
We are the 1st service that manages the end to end lifecycle of your Payment channels, from the point you acquire a merchant ID to the point you report your compliance on it.
4
We provide you with our Treasury Merchant ID management tool
5
We take control of your payment policies, procedures and process from end to end
6
We are the ones that do the work to make you PCI Compliant
7
We provide a managed service at a low cost based on a subscription service
8
We undertake to make your organisation PCI compliant in 12 months
9
We manage your end to end PCI estate, from Merchant ID to PCI Compliance reporting
10
We track every merchant ID that you have with each Bank and the associated payment channels
11
We design your payment channel to de-scope your network and client networks
12
We streamline your end to end compliance process
13
We take control of all your payment products and services and ensure they remain compliant
14 We take control of all your 3rd party suppliers to ensure they remain PCI compliant 15
We manage your PCI Assets, PCI Policies, PCI controls, PCI reporting and PCI payment channels.
16 We provide a change management process that allows you to manage all changes to your PCI estate. 17
We create omni-payment channels for your organisation allowing you to generate revenue from your
Are you confident that your PCI Compliance equates to reducing the likelihood of a breach occurring? One of the toughest questions in PCI compliance lifecycle is, will our PCI compliance stand up to the scrutiny of the external assessment of a proper QSA? Not every PCI Attestation of Compliance mean your payment channels are secure, if your payment channel architecture is not secure, you are wasting your money on PCI Our approach is significantly different, we have designed a solution that structures each of your payment channels not only be PCI Compliant but to reduce the likelihood of a breach occurring. This means that we can stand by our work and defend any claim of a breach resulting from the payment channels that we architected for you.
It is the first, QSA approved, PCI architecture to go beyond the simple checkbox exercise of ‘PCI Compliance’ but structure each of your payment channels to reduce to the likelihood of a breach occurring as well as streamline your end to end PCI compliance in order to enable to achieve and maintain your PCI compliance.
Our solution is the first QSA approved method of drastically reducing a merchant’s likelihood of breach occurring and radically reduce the cost of PCI achieving and maintaining PCI compliance. It is the first, QSA approved, PCI architecture to go beyond the simple checkbox exercise of ‘PCI Compliance’ but structure each of your payment channels to reduce to the likelihood of a breach occurring as well as streamline your end to end PCI compliance in order to enable to achieve and maintain your PCI compliance.
Our solution can give such an assurance because of our technical expertise Finance/Treasury Experts – Treasury MID Management tool manages all of your merchant IDs with every Acquiring Bank PCI Lawyers - PCI Service Catalogue – manage your suppliers for each of your payment channels and get them compliance Technical Design Architects - PCI Compliance strategy definition and management
Why are we different? 1 2 3
Finance/Treasury Experts – We start our work from your Financial/Treasury Department where your Merchant ID is acquired PCI Lawyers – our PCI Lawyers review all your contracts to ensure they are in line with your expectations and fair to your operations. These contract reviews start from your contract with your Acquiring Banks, your Payment suppliers and all other suppliers involved Technical Design Architects - Our Technical Design Architects are best placed to help you reduce your PCI scope, reduce your cost of PCI compliance and allow you to maintain and sustain your Compliance. They also define and implement your PCI compliance strategy along with the Change management to any aspect of your Payment channel.
PCI Compliance Strategy PCI Change Management
Acquiring Banks
Merchant IDs & Payment Channels
PCI Control Audits
3rd Party Service Providers
Payment Products & Services
Our Partners Trustwave
Foregenix
https://www.trustwave.com/Home/
https://www.foregenix.com/
Blue Scorpion http://www.bluescorpion.co.uk/
A QSA approved methodology Our QSA has pre-approved our approach and methodology, this means if you follow any of our prescribed approach the results will be the following: Reduce your cost of PCI Compliance by up 50% (CAPEX and OPEX) Reduce each of your payment channels to the minimum requirements Define your PCI compliance strategy Map your PCI estate from Acquiring Bank releasing your merchant ID to PCI Compliance report Reduce or simplify the amount of PCI controls you are required to produce for your compliance Make each of payment channels secure thereby reducing the likelihood of a breach occurring Document all the elements of your PCI estate Define all your PCI Assets and the relevant compliance security and control requirements Automate and streamline your PCI compliance requirement Manage all changes to your PCI estate via PCI change management framework Track all your PCI compliance obligation and ensure compliance.
Our services Definition of your PCI Compliance strategy Managing your end to end PCI Compliance Outsourcing PCI Compliance Project risk assessment 3rd party Supplier compliance management Cloud based payment solution Payment solutions
Definition of your PCI Compliance strategy Have you ever been asked how you would like to take card payments? Have you ever been asked how you would like to achieve compliance? Quite often, merchants are not given the opportunity to answer these questions as they stumble into Payment solutions and as a result they often find themselves retrospectively addressing these questions which often make it more difficult and expensive to achieve. Definition of your PCI Compliance strategy is one of the first tasks we carry out after we have carried out our gap analysis which establishes how and where you take card payment. This sets the foundation for us to formulate a strategy for your environment and define the type of compliance you would like to have and how you wish to manage the compliance across your organisation. Your PCI Compliance strategy therefore acts as the foundation for your PCI estate ensuring you have considered every aspect of your PCI and how you wish it to be implemented. Here are some of the deliverables from our PCI Compliance strategy: Definition of your current Acquiring Banks, merchant IDs and payment channels Creation of the risk register as it relates for each payment channel Formulation of a draft strategy defining How you wish each payment channel to operate –architecturally What SAQ would you like for each payment channel Who will be responsible for generating the controls for each payment channel The pre-approved suppliers for your PCI products and services The approval process for changes your PCI estate Managing your PCI controls and reporting
The Executive Team
Ben Omoakin Oguntala, LLB Law, LL.M Banking and Finance With over 15 years’ Technical Design Authority experience in the industry, my aim is to help you reduce your cost of achieving and maintaining PCI Compliance. To date, I have delivered over 500 PCI Compliance projects and all maintain the PCI compliance.
Forz Khan, Counsel Forz Khan is Head of Chambers at The Chambers of F Khan, with over 28 years call. I assist clients to set their legal and contractual obligations under PCI and ensure that your compliance strategy is enforced with all the suppliers you use. We also assist in PCI Contractual disputes, drafting and reviewing contracts as well as reducing friend fraud of chargebacks.
1 ROYAL EXCHANGE, LONDON EC3V 3DG www.paymentsandco.com
support@paymentsandco.com
07812 039 867
@paymentsandco
To engage our service - https://www.paymentsandco.net/Customer/CustomerRegistration.aspx To register click - https://www.paymentsandco.net/Customer/CustomerRegistration.aspx