We provide extensive PCI consulting for Australian organisations, enabling you to protect cardholder information, and helping you achieve and maintain PCI DSS compliance. We’ve been helping organisations for over 20 years to adhere to the Payment Card Industry Data Security Standard. With our seasoned advice, we can easily guide you through the requirements of each data protection mandate.
Vectra is widely known for providing concise and thorough PCI DSS assessments. We have some of the most experienced Qualified Security Assessors (QSAs) in the industry. This is why more than 80% of Australia’s top companies trust Vectra with their PCI DSS assessments.
We launched our payment card related security compliance services in 2004 through programs with Visa and MasterCard. We became the first Australian company to be certified as a QSA Company (QSAC) by the PCI Security Standards Council when it was formed in 2006. Since that time we’ve assisted thousands of organisations of all sizes in sectors including retail, financial services, insurance, transport, banking, credit unions, building societies, utilities, gaming and third party hosting and service providers.
Ensuring the security of your digital assets has never been more vital. Our expert PCI consultants can provide guidance to ensure your business can achieve all 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS). This includes Level 1 full assessments, assisted self-assessments, gap assessments, design reviews, or general advisory services. Experience a smooth transition to PCI compliance, from initial risk evaluations to the successful setup of essential controls and practices.
Our team of Qualified Security Assessors can assist your organisation to implement robust and advanced data security systems to help secure your customers’ sensitive card data. We are experienced at helping you to meet the PCI DSS (Payment Card Industry Data Security Standard), with clear guidance and remediation advice designed to help you achieve a successful annual assessment. Our penetration testing and scanning services help complete the requirements for certification.
Payment Card Industry Data Security Standard (PCI DSS) certification might seem overwhelming for enterprises big and small. We offer solutions designed to fit your business through every compliance stage. From detailed gap analysis to forward-thinking compliance oversight, we’re experienced at preparing pragmatic advice for your business to meet and exceed the PCI DSS compliance criteria.
We streamline the entire journey with a structured, practical approach that removes uncertainty and accelerates results. Our specialists guide organisations through every requirement – from scoping and gap analysis to remediation and validation – ensuring controls are implemented efficiently and in alignment with your business operations. With deep expertise across payment environments and a focus on reducing risk without adding unnecessary overhead, we help you meet PCI DSS obligations with confidence.
Payment card industry merchants can prepare for Payment Card Industry Data Security Standard (PCI DSS) compliance by undertaking a PCI DSS gap assessment. This type of assessment helps to identify, analyse and document any areas of non-compliance with the Payment Card Industry Data Security Standard so that the merchant can remediate any issues prior to applying for a PCI DSS compliance assessment.
ASV (Approved Scanning Vendor) Vulnerability Scanning is a quarterly requirement for many organisations as part of the requirements to maintain their Payment Card Industry Data Security Standard (PCI DSS) compliance. Vectra provides a web-based portal that can be easily configured to automate the scanning process as required by PCI DSS, or can allow scans to be run on an ad-hoc basis when required.
As a pioneer in Australian client-side security, we’re specialists in helping clients address the new requirements for PCI DSS 6.4.3 and 11.6.1. These new requirements cover the management and monitoring of payment page scripts in order to properly secure Cardholder Data (CHD) and Sensitive Authentication Data (SAD). They become effective on March 31, 2025.
Penetration testing is a core PCI DSS requirement, verifying that your security controls are working against real‑world attack techniques. Our pentesting services provide assurance that the cardholder data environment is properly protected. Our assessments are designed to help you stay compliant, reduce risk, and maintain strong, validated security for all payment data.
Before diving into the Payment Card Industry Data Security Standard requirements, you will also want to find out which Self Assessment Questionnaire (SAQ) applies to your business. While most requirements will stay the same, there are some differences in the work you’ll need to do based on your SAQ.
The current PCI DSS standard has twelve core requirements that are divided into six distinct control objectives. It’s imperative for businesses, regardless of size, to thoroughly understand and adhere to these requirements to maintain a level of data security that aligns with best practice methodology. Organisations looking to obtain and maintain PCI DSS compliance must meet or exceed these requirements on an ongoing basis.
| Objectives | PCI DSS Requirements |
|---|---|
| Build and Maintain a Secure Network and Systems | 1. Install and maintain a firewall configuration to protect cardholder data; 2. Do not use vendor-supplied defaults for system passwords and other security parameters |
| Protect Cardholder Data | 3. Protect stored cardholder data; 4. Encrypt transmission of cardholder data across open, public networks |
| Maintain a Vulnerability Management Program | 5. Protect all systems against malware and regularly update anti-virus software or programs; 6. Develop and maintain secure systems and applications |
| Implement Strong Access Control Measures | 7. Restrict access to cardholder data by business need to know; 8. Identify and authenticate access to system components; 9. Restrict physical access to cardholder data |
| Regularly Monitor and Test Networks | 10. Track and monitor all access to network resources and cardholder data; 11. Regularly test security systems and processes |
| Maintain an Information Security Policy | 12. Maintain a policy that addresses information security for all personnel |
What is PCI DSS?
Every organisation, anywhere in the world, that stores, processes or handles payment card data is required to be Payment Card Industry Data Security Standard (PCI DSS) compliant. This standard was designed to increase cardholder data protection to dramatically reduce credit card fraud. It doesn’t matter how few transactions your business or organisation has. It doesn’t matter if all your payments are handled by third-party payment processors. It doesn’t matter if the credit card is never stored on your servers; you still need to be PCI DSS compliant by meeting the requirements that are set out in the standard.
Payment Card Industry Data Security Standard (PCI DSS) compliance is, at its core, a contractual agreement between your organisation or business and the financial institution that handles the payments.
The PCI DSS has 12 requirements that have a clear focus on using secure systems. Implementation of the standard will depend on the size and nature of your business or organisation, the way in which you are configured to accept and process card payments, and the service providers you work with and their roles in the payment process.
How do you comply with the PCI DSS?
Compliance reporting for small merchants can be as simple as completing a Self-Assessment Questionnaire (SAQ), while for larger merchants and third-party service providers, annual assessments must be conducted by a Qualified Security Assessor (QSA) Company such as Vectra Corporation or a PCI SSC certified Internal Security Assessor (ISA). If you have internet-facing IP addresses you may be required to conduct network vulnerability scanning utilising an Approved Scanning Vendor (ASV) certified by the PCI Security Standards Council. The compliance requirements, and how often compliance needs to be validated, depend on the number of annual transactions processed by your business or organisation.
What are the Merchant Levels and PCI DSS Compliance Requirements?
Merchant levels are assigned by the Acquirer based on transaction volume. We can support categorisation based on what the bank’s expectations are and the relevant card scheme requirements. Your merchant level will determine the PCI DSS compliance requirements that your organisation will need to meet.