Your Compliance Partner
PCI DSS

The Payment Card Industry (PCI) has established stringent Data Security Standards (DSS) that Merchants and Service Providers must adhere to when handling credit card data, regardless of transaction volume. Kyte, a Qualified Security Assessor Company, offers its services to businesses across various regions, helping them achieve PCI DSS compliance, complemented by services like quarterly vulnerability scans and Attack and Penetration Testing.

The Payment Card Industry (PCI) developed the Data Security Standards (DSS), which Merchants and Service Providers who process, transmit or store credit card data are required to strictly adhere to. Irrespective of the number of credit card transactions a merchant or service provider handles, they are required to comply with the PCI DSS.

Kyte Global is a validated Qualified Security Assessor Company and can offer its services to merchants and service providers in all of Europe, the Middle East and Africa, the USA, Latin America, Asia, as well as other regions. Kyte can assist you in becoming fully compliant and/or can review your operation to certify that you are PCI DSS compliant.

One of the requirements is to have a quarterly scan by an Approved Scanning Vendor to test for vulnerabilities on your website. Kyte Global can provide you with this service as a subscription to our online scanning portal.

The importance of Attack & Penetration Testing

Another very important requirement of PCI DSS is to conduct Attack and Penetration Testing. We are proud to be able to offer this service not only as a means to satisfy the requirement, but to ensure that any holes in the system are patched in a timely manner. The penetration test involves a considerable amount of manual testing. Testing is conducted both externally and internally and can take the form of a white-box or black-box test. Network as well as application layer tests are conducted as part of the exercise. We are confident that customers will find our fees for such a service extremely competitive. Testing will be carried out based on the latest version of the PCI DSS.

We can assist you with PCI DSS Compliance as well as Certification. We know very well that a one-size-fits-all approach to interpreting PCI DSS requirements does not work. It is in fact this approach, adopted by some assessors, which causes many companies to go over time and over budget in their efforts to achieve compliance. We believe that each company has to be assessed by taking into consideration its size, resources, business constraints and risk exposure.


SAQ (Self-assessment Questionnaires)

SAQ A, A-EP, B, B-IP, C, C-VT, P2PE-HW, D

For merchants that are obliged to validate compliance through a Self-Assessment Questionnaire, we are happy to be of service by assisting with understanding the intent behind the requirements, validating whether requirements are actually in place or not, and working with the merchant on implementing solutions. Although this is not a certification and hence does not involve a considerable amount of testing, we will walk with you for the entire project until successful completion.

PCI PIN

For merchants that process or transmit personal identification numbers (PINs), the PCI Council has published the PIN Security requirements. Kyte is a Qualified PIN Assessor (QPA) and can perform assessments to determine whether organizations are securely managing, processing, and transmitting PIN data during online and offline payment card transactions. An important part of the PIN assessment involves testing of the encryption and key management of PIN transactions, as well as the secure management of processing equipment. The requirement for PIN assessments is such that QPAs (auditors) need to be rotated after 2 assessments. Contact us if you would like us to perform your next assessment.

3DSecure (PCI 3DS)

Kyte is also validated as a PCI 3DS assessor and can provide Issuers, Acquirers as well as Processors with certification under the PCI 3DS Standard. This certification applies to all those entities who operate under the EMVCo specification.


CaaS (Compliance as a Service)

Our experience in conducting PCI DSS assessments has shown us that, despite all the good intentions, companies fail to carry out their compliance tasks diligently, especially when these involve tasks that have to be carried out on given dates. Failure to carry out a task on time can have serious consequences, not only because it could result in the absence of certain controls, which can put the company at risk, but also because it could result in failure to achieve compliance when the certification renewal date approaches.

Kyte has come up with a service that encompasses all those tasks that are often forgotten or not carried out in a timely fashion. This service, which is termed Compliance as a Service, sees Kyte working with your team to make sure no requirement is left out. This service is provided in a way that does not constitute a conflict when we are also your assessors.

The service includes:

  • Quarterly vulnerability scanning
  • Annual training in Secure Coding, Security Awareness and Incident Response
  • Reminders and follow up on all those tasks to be carried out monthly, quarterly, six-monthly and yearly
  • Incident Response in case of a security event or a breach, by making a security engineer available within a few hours

FAQs

Can I choose whether to go for full certification or an SAQ?

This usually depends on the Acquirer. Service providers are usually required to undergo a Level 1 onsite assessment. The validation method for a merchant is usually dependent on the volume of transactions processed. Any entity processing 6 million transactions or more needs to carry out an onsite assessment, as an SAQ would not be adequate.

Is an SAQ easier than a full certification? Can I choose to validate through an SAQ and plan for a certification at a later date?

This depends on whether you are even eligible for an SAQ or not. If you are eligible for an SAQ, you would need to determine which SAQ is right for you, based on the nature of your credit card processing. For the sake of this question, it is pertinent to note that an SAQ D contains all the requirements that are requested for an onsite assessment and, consequently, the same effort is required to comply. The only difference is that an onsite assessment requires an audit, which involves detailed testing by your QSA. The plus side is that, for the same effort, an onsite assessment results in a certification whereas an SAQ does not.

Raising standards since 2006.

Kyte Global, with clients in over 65 countries, has established itself as a unique company providing a one-stop shop for all your information security and compliance requirements.

At Kyte Global we attempt to add value in everything we do. Our services have evolved as a result of the growing needs of our clients. Regulations keep getting stricter, compliance requirements keep getting more onerous, and clients find themselves spending more time addressing these issues rather than focusing on their business. At the same time, resources with the right knowledge and experience are hard to come by. Kyte Global tries to tackle these issues by providing a one-stop shop for all the client's needs. Kyte Global understands that compliance is an effective way of ensuring that controls are implemented.

Internally, Kyte Global is organised in teams, each dedicated to a specific service, usually revolving around a specific standard or regulation. Some of these are PCI DSS, ISO 27001, GDPR, Internal Audit, AML, Gaming, Penetration Testing and Training, to name a few. Each team is made up of trained professionals, all experts in their own field.

Over the years, Kyte Global has established partnerships with suppliers that develop and implement industry leading solutions so that it can make recommendations to clients who require such services or products. Kyte is proud to have a network of partners that can assist its clients, big or small, in virtually all of the industries it operates in.


News & Insights

Stay informed with our dynamic News and Insights section, where we share timely updates, industry trends, and expert perspectives to keep you ahead of the curve and informed about the latest developments in the field. Explore a wealth of valuable resources that empower you with knowledge and actionable insights for informed decision-making.

Kyte Global at Seamless Middle East
Wednesday, 22nd May 2024

Kyte Global's team actively participated in Seamless Middle East. The event provided a valuable platform to connect with industry leaders and explore the latest trends in information security and compliance. Kyte Global showcased its expertise in ISO 27001, PCI DSS, and SOC 2 compliance, all crucial for building trust and ensuring secure transactions in the digital sphere. By attending Seamless Middle East, Kyte Global positioned itself as a vital partner in the journey towards a more secure and sustainable digital future.

Kyte Talks Insights in Information Security and Compliance
Thursday, 16th May 2024

Kyte Global is proud to announce the inauguration of Kyte Talks, a series of formal discussions designed to elucidate the dynamic landscape of information security and compliance. These enriching sessions will convene esteemed industry experts to share their knowledge and address critical issues confronting businesses in today's environment.

Bridging the Gap: How ISO 27001 Compliance Paves the Way for DORA Success
Friday, 22nd March 2024

DORA aims to ensure that financial institutions possess the operational resilience to withstand and recover from disruptions, including cyber attacks. This aligns perfectly with the risk-based approach advocated by ISO 27001, which establishes an Information Security Management System (ISMS) to identify, assess, and mitigate information security risks.
