Your Compliance Partner
PCI DSS

The Payment Card Industry (PCI) has established stringent Data Security Standards (DSS) that Merchants and Service Providers must adhere to when handling credit card data, regardless of transaction volume. Kyte, a Qualified Security Assessor Company, offers its services to businesses across various regions, helping them achieve PCI DSS compliance complimented by services like quarterly vulnerability scans and Attack and Penetration Testing.

The Payment Card Industry (PCI) developed Data Security Standards (DSS) which Merchants and Service Providers, who process, transmit or store credit card data, are required to strictly adhere to. Irrespective of the amount of credit card transactions a merchant or service provider handles they are required to comply with the PCI DSS.

Kyte Global is a validated Qualified Security Assessor Company and can offer their services to merchants and service providers in all of Europe, Middle East and Africa, USA, Latin America, Asia as well as other regions. Kyte can assist you in becoming fully compliant and/or can review your operation to certify that you are PCI DSS compliant.

One of the requirements is to have a quarterly scan by an Approved Scanning Vendor to test for vulnerabilities on your website. Kyte Global can provide you with this service as a subscription to our online scanning portal.

The importance of Attack & Penetration Testing

Another very important requirement of PCI DSS is to conduct Attack and Penetration Testing. We are proud to be able to offer this service not only as a means to satisfy the requirement but to ensure there any holes in the system are patched timely. The penetration test involves a considerable amount of manual testing. Testing is conducted both externally and internally and can take the form of white box or black box. Network as well as application layer tests are conducted as part of the exercise. We are confident that customers will find our fees for such a service extremely competitive. Testing will be carried out based on the latest version of the PCI DSS.

We can assist you with PCI DSS Compliance as well as Certification. We know very well that a one-size fits all approach in interpreting PCI DSS requirements does not work. It is this approach adopted by some assessors in fact, which causes many companies to go over time and over budget in their efforts to achieve compliance. We believe that each company has to be assessed by taking into consideration its size, resources, business constraints and risk exposure.

SAQ (Self-assessment Questionnaires)

SAQ A, A-EP, B, B-IP, C, C-VT, P2PE-HW, D

For merchants that are obliged to validate compliance through a Self-Assessment Questionnaire, we are happy to be of service by assisting with understanding the intent behind the requirements, validating whether requirements are actually in place or not and work with the merchant on implementing solutions. Although this is not a certification and hence does not involve a considerable amount of testing, we will walk with you for the entire project until successful competition.

PCI PIN

For merchants that process or transmit personal identification numbers (PIN), the PCI Council has published the PIN Security requirements. Kyte is a Qualified PIN Assessor (QPA) and can perform assessments to determine whether organizations are securely managing, processing, and transmitting PIN data during online and offline payment card transactions. An important part of the PIN assessment involves testing of the encryption and key management of PIN transactions, as well as the secure management of processing equipment. The requirement for PIN assessments is such that QPA’s (auditors) need to be rotated after 2 assessments. Contact us if you would like us to perform your next assessment.

3DSecure (PCI 3DS)

Kyte is also validated as a PCI 3DS assessor and can provide Issuers, Acquirers as well as Processors with certification under the PCI 3DS Standard. This certification applies to all those entities who operate under the EMV Co specification.

CaaS (Compliance as a Service)

Our experience in conducting PCI DSS assessments has showed us that despite all the good intentions, companies fail to carry out their compliance tasks diligently, especially when these involve tasks that have to be carried out at given dates. Failure to carry out a tasks on time can have serious consequences, not only because it could results in absence of certain controls which can put the company at risk, but also failure to achieve compliance when the certification renewal date approaches.

Kyte has come up with a service that encompasses all those tasks that are often forgotten or else not carried out in a timely fashion. This service, which is termed Compliance as a Service, sees Kyte working with your team to make sure no requirement is left out. This service is provided in a way as to not constituting a conflict when we are also your assessors.

The service includes:

  • Quarterly vulnerability scanning
  • Annual training in Secure Coding, Security Awareness and Incident Response
  • Reminders and follow up on all those tasks to be carried out monthly, quarterly, six-monthly and yearly
  • Incident Response in case of a security event or a breach by making a security engineer available within a few hours.

FAQs

Can I choose whether to go for full certification or an SAQ?

This usually depends on the Acquirer. Service providers are usually required to undergo a level 1 onsite assessment. The validation method for a merchant is usually dependant on the volume of transactions processed. Any entity processing 6million transactions and over need to carry out an onsite assessment as an SAQ would not be adequate.

Is an SAQ easier than a full certification? Can I choose to validation through an SAQ and plan for a certification at later date?

This depends on whether you are even eligible for an SAQ or not. If you are eligible for an SAQ, you would need to determine which SAQ is right for you, based on the nature of your credit card processing. For the sake of this question, it is pertinent to note that an SAQ D contains all the requirements that are requested for an onsite assessment and consequently the same effort is required to comply. The only difference is that an onsite assessment requires an audit which involves detailed testing by your QSA. The plus side is that for the same effort, an onsite assessment results in a certification whereas an SAQ does not.

You may also be interested in:

We're always a click, email or phone call away.

Let’s get in touch

Raising standards since 2006.

Kyte Global, with clients in over 65 countries has established itself as a unique company providing a one-stop-shop to all your information security and compliance requirements.

At Kyte Global we attempt to add value in everything we do. Our services have evolved as a result of the growing needs of our clients. Regulations keep getting stricter, compliance requirements keep getting more onerous and clients find themselves spending more time addressing these issues rather than focusing on their business. At the same time, resources with the right knowledge and experience are hard to come by. Kyte Global tries to tackle these issues by providing a one stop shop to all the client’s needs. Kyte Global understands that Compliance is an effective way of ensuring that controls are implemented.

Internally, Kyte Global is organised in teams, each dedicated to a specific service, usually revolving around a specific standard or regulation. Some of these are PCI DSS, ISO 27001, GDPR, Internal Audit, AML, Gaming, Penetration Testing, Training to name a few. Each team is made up of trained professionals, all experts in their own field.

Over the years, Kyte Global has established partnerships with suppliers that develop and implement industry leading solutions so that it can make recommendations to clients who require such services or products. Kyte is proud to have a network of partners that can assist its clients, big or small, in virtually all of the industries it operates in.

Who We Are Contact Us
>

News & Insights

Stay informed with our dynamic News and Insights section, where we share timely updates, industry trends, and expert perspectives to keep you ahead of the curve and informed about the latest developments in the field. Explore a wealth of valuable resources that empower you with knowledge and actionable insights for informed decision-making.

Kyte Global's Irish Bar Legacy Lives on at SiGMA
Thursday, 23rd November 2023

Kyte Global made its triumphant return at SiGMA 2023, upholding its tradition of extending a warm welcome to both familiar faces and new connections while showcasing our Information Security and Compliance Services. The event once again proved to be an excellent platform for engaging with clients, partners, and industry experts, fostering meaningful discussions on the critical industry aspects.

Continue reading
Kyte Global's Debut in Asia: A Resounding Success at Cyber Security World Asia, Singapore
Wednesday, 18th October 2023

The world of cybersecurity knows no boundaries, and in the spirit of expanding horizons and forging new connections, Kyte Global, presenting its credentials to the Asian market at Cyber Security World Asia (CSWA) in Singapore. This has been marked by invaluable encounters with attendees, the elevation of brand visibility, and the promise of exciting opportunities and partnerships.

Continue reading
Strengthening Cybersecurity: Kyte Global Exhibits at Cyber Security World Asia, Singapore
Thursday, 17th August 2023

We are delighted to share that Kyte Global will be exhibiting at the highly renowned Cyber Security World Asia 2023 event, to be held in Singapore. As a company at the forefront of safeguarding businesses against cyber threats, we are excited to extend our presence to Asia and participate in this prestigious event.

Continue reading