About Sword & Shield
Since 1997 Sword & Shield has been the trusted information security partner for 3000 clients in 50 states and 27 countries around the globe.
We offer comprehensive computer network security services and IT regulatory compliance for business and government. Let us help secure your future.


PCI Compliance
Can your company withstand a $50,000 fine or the loss of customer trust?
As a PCI Qualified Security Assessor (QSA), Sword & Shield has been assisting merchants with PCI compliance since the early days of the PCI Security Standards Council's Data Security Standard (DSS). We can help you plan, analyze, track and monitor your PCI compliance program, which reduces your costs, saves you time and limits your frustration.
A Sword & Shield consultant will assist your organization in determining the appropriate level of these requirements and guide you through the assessment process until compliance is achieved.
PCI Gap Analysis
PCI On-Site Report on Compliance (ROC)
Self-Assessment Questionnaire (SAQ) Assistance
Large Campus PCI Consulting – Merchant Level 3 and 4 (SAQ)
PCI Quarterly Scans or Facilitated Quarterly Scans
PCI Compliance Shield Smart Portal
PCI Annual Network Vulnerability and Penetration Test
PCI Wireless Assessment
PCI Web Application Test
Risk Assessment
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.
U.S. Toll-free: 800-810-1885
International: 865-244-3500
Case Study – HubWorks Interactive’s iPad-based Ordering System
“Sword & Shield is a powerful partner that understands the intricacies of PCI compliance and how our underlying technology goes above and beyond meeting the minimum standards,” said Mike Peterson with HubWorks Interactive. “The team at Sword & Shield understands the unique challenges within the restaurant and bar industry, and working together, we can offer these establishments a secure system designed to meet their specific needs.”
PCI Gap Analysis (Pre-Audit)
For Level 1 merchants and service providers who are planning their first PCI audit and facing a full Report on Compliance (ROC) assessment, the task can be overwhelming. The first-year ROC almost always reveals significant gaps in operations, security processes and controls. Our PCI Gap Analysis/Remediation Plan reviews your security processes and controls against the full PCI DSS without the in-depth operational testing of controls that the ROC testing procedures require. The process identifies the gaps and produces a remediation plan, so that your organization can concentrate on meeting compliance timelines within its budgetary constraints.
PCI On-Site Report on Compliance (ROC)
The ROC provides an independent validation of compliance to customers, card brands and acquiring banks. Our ROC assessments are led by senior security analysts who maintain CISA and CISSP certifications. Our auditors intimately understand the retail and service provider processing models and the idiosyncrasies that make your business unique. We help our clients understand compliance risk, control options and compensating control strategies as they work toward achieving and maintaining PCI compliance.
Self-Assessment Questionnaire (SAQ) Assistance
Sword & Shield provides general PCI-related consulting to assist with the completion of an SAQ and the submission of an Attestation of Compliance (AOC). We can establish a Compliance Center web portal to manage and track responses to questions, post evidence of compliance, and send compliance reports to your acquiring bank. We will help you complete the PCI self-assessment and provide you with practical remediation guidance to help you achieve secure PCI compliance.
Large Campus PCI Consulting – Merchant Level 3 and 4 (SAQ)
If your organization holds multiple merchant accounts (universities and hospitals, for example) and operates multiple business applications that process transactions under each of those accounts, each account may fall at merchant Level 3 or 4 and validate its compliance through an SAQ. Your acquiring bank may ask you to roll all of the merchant accounts up under one or more corporate accounts because of that level. We can survey your organization to find all of the merchant accounts and determine how each one transmits, processes and stores payment card data. Through this survey we can find the most cost-effective way to manage your PCI compliance.
PCI Quarterly Scans or Facilitated Quarterly Scans
Quarterly external vulnerability scanning by a PCI SSC Approved Scanning Vendor (ASV) is required under PCI DSS Requirement 11.2.2 for merchants and service providers at every level whose cardholder data environment includes Internet-facing systems. Sword & Shield resells quarterly scanning services from a number of partners, including Dell SecureWorks and Qualys. We can help you choose an ASV that is right for you as part of your PCI audit. We can also run the scans for you and provide consulting to help you remediate the vulnerabilities found; a scan only passes when no vulnerability with a CVSS base score of 4.0 or higher remains on an in-scope host, so remediation and rescanning are usually part of the quarter. Ask us for a quote for a Facilitated ASV Quarterly Scanning Service.
PCI Compliance Shield Smart Portal
If you are a service provider and you are processing payment card charges for a number of merchants, your merchants must, at a minimum, complete an annual SAQ. If you are an organization with a large number of widely dispersed point of sale locations processing payment cards, you are responsible for completing an annual SAQ for each location. Sword & Shield can provide you with a cost-effective way to assist the merchants in completing the appropriate SAQ and conducting quarterly vulnerability scans where required.
PCI Annual Network Vulnerability and Penetration Test
PCI DSS Requirement 11.3.1 requires a network-layer penetration test at least once a year and after any significant infrastructure upgrade or modification; unlike an ASV scan, a penetration test actively attempts to exploit the weaknesses it finds. For this service, see the Penetration Testing and Vulnerability Assessment page.
PCI Wireless Assessment
PCI DSS Requirement 11.1 applies whether or not you have deliberately deployed wireless in your payment card network: it requires you to test for the presence of wireless access points, authorized and unauthorized, at least quarterly, using a wireless analyzer or a wireless IDS/IPS. In practice that means keeping an inventory of the access points you have authorized, so that anything else found near the cardholder data environment can be treated as rogue and investigated. For this service, see the Wireless Security Testing page.
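The quarterly sweep described above, as an added example (not Sword & Shield tooling or any product's code): the output of a wireless analyzer is compared against the inventory of authorized access points, and anything not on the inventory is classified by how dangerous it looks. The inventory, the scan records and the -80 dBm "probably on the premises" threshold are constructed assumptions; a real sweep would also carry the physical location of each finding so the rogue can be found and unplugged.

```python
"""Quarterly wireless sweep: compare what a wireless analyzer saw against the
inventory of authorized access points (PCI DSS Requirement 11.1).

Added example, not Sword & Shield tooling. The inventory, the scan records and
the signal threshold below are constructed assumptions.
"""

# Assumption: inventory of authorized APs, keyed by lower-case BSSID.
AUTHORIZED_APS = {
    "aa:bb:cc:00:01:10": {"ssid": "POS-Corp", "security": "WPA2-PSK", "location": "store 12, back office"},
    "aa:bb:cc:00:01:11": {"ssid": "Guest-WiFi", "security": "WPA2-PSK", "location": "store 12, front"},
}
# SSIDs that only the authorized APs are allowed to broadcast.
CORPORATE_SSIDS = {"POS-Corp"}

# Constructed sample of what an analyzer (or an `iw dev wlan0 scan` summary) might report.
SAMPLE_SCAN = [
    {"bssid": "AA:BB:CC:00:01:10", "ssid": "POS-Corp", "channel": 6, "signal_dbm": -41, "security": "WPA2-PSK"},
    {"bssid": "aa:bb:cc:00:01:11", "ssid": "Guest-WiFi", "channel": 11, "signal_dbm": -52, "security": "WPA2-PSK"},
    {"bssid": "de:ad:be:ef:00:01", "ssid": "POS-Corp", "channel": 6, "signal_dbm": -47, "security": "OPEN"},
    {"bssid": "12:34:56:78:9a:bc", "ssid": "", "channel": 1, "signal_dbm": -78, "security": "WPA2-PSK"},
    {"bssid": "00:11:22:33:44:55", "ssid": "NeighborNet", "channel": 3, "signal_dbm": -85, "security": "WPA2-PSK"},
]


def classify_ap(ap, authorized, corporate_ssids, premises_dbm=-80):
    """Return (severity, reason) for one observed access point.

    premises_dbm is an assumed threshold: signals stronger than this are
    treated as coming from inside the building rather than from a neighbor.
    """
    bssid = ap["bssid"].lower()
    known = authorized.get(bssid)
    if known:
        # An authorized radio that no longer matches its record has been
        # reconfigured, or its BSSID is being cloned.
        if ap["ssid"] != known["ssid"] or ap["security"] != known["security"]:
            return "high", "authorized BSSID with unexpected SSID or security setting"
        return "ok", "authorized AP"
    if ap["ssid"] in corporate_ssids:
        return "high", "unauthorized AP broadcasting a corporate SSID (evil twin)"
    if ap["signal_dbm"] >= premises_dbm:
        return "medium", "unknown AP with strong signal, likely on premises: locate and verify"
    return "info", "weak unknown AP, probably a neighbor: record and move on"


def sweep(scan, authorized=AUTHORIZED_APS, corporate_ssids=CORPORATE_SSIDS):
    """Classify every observed AP and report authorized APs that were not seen.

    Returns {"findings": [...], "missing": [...]}: findings are the non-OK
    APs, missing are inventoried BSSIDs the sweep did not hear at all
    (moved, unplugged, or the inventory is stale).
    """
    findings = []
    seen = set()
    for ap in scan:
        bssid = ap["bssid"].lower()
        seen.add(bssid)
        severity, reason = classify_ap(ap, authorized, corporate_ssids)
        if severity != "ok":
            findings.append({
                "bssid": bssid,
                "ssid": ap["ssid"] or "<hidden>",
                "channel": ap["channel"],
                "signal_dbm": ap["signal_dbm"],
                "severity": severity,
                "reason": reason,
            })
    missing = sorted(set(authorized) - seen)
    return {"findings": findings, "missing": missing}


if __name__ == "__main__":
    result = sweep(SAMPLE_SCAN)
    for f in result["findings"]:
        print(f"[{f['severity']:6}] {f['bssid']} {f['ssid']!r} ch{f['channel']} {f['signal_dbm']} dBm: {f['reason']}")
    for bssid in result["missing"]:
        print(f"[missing] {bssid} ({AUTHORIZED_APS[bssid]['location']}) not heard this sweep")
```

Keep the sweep output from each quarter: the evidence the QSA wants is not just that a scan happened, but that every unauthorized finding was followed up under your incident response procedure.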
PCI Web Application Test
If your website or any other web application collects, stores or transmits cardholder data, PCI DSS Requirement 11.3.2 applies. It requires application-layer penetration testing at least once a year and after any significant application upgrade or modification. For this service, see the Web Security Testing page. For mobile apps, see our Mobile Applications Assessment.
Risk Assessment
PCI DSS Requirement 12.1.2 requires an annual risk assessment process that identifies threats and vulnerabilities and results in a formal risk assessment. Examples of acceptable risk assessment methodologies include, but are not limited to, OCTAVE, ISO 27005 and NIST SP 800-30. Sword & Shield can include the risk assessment as part of our services, or you can conduct the risk assessment yourself and provide the results as evidence to the QSA during the PCI assessment.
Sensitive Data Discovery Scan
The PCI DSS requirements apply to every system component in, or connected to, the cardholder data environment, and cardholder data has a way of leaking out of that environment into spreadsheets on desktops, e-mail and back-end accounting systems. It is therefore important to scan all of your networks for stored cardholder data, not only the systems you believe are in scope. A Sensitive Data Discovery Scan finds this data so that it can be securely deleted or brought inside the defined cardholder data environment. Sword & Shield can include the scan in our proposals, or you can provide evidence that cardholder data is contained as described.
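The core of such a discovery scan, as an added example (not Sword & Shield's scanner or any product's code): candidate 13 to 19 digit strings are pulled out of file contents, then filtered with the Luhn check digit and a brand prefix so that phone numbers, order IDs and shipment references are not reported as card numbers. The sample files are constructed, the PANs in them are the published Visa, Mastercard and American Express test numbers rather than real cards, and the prefix table is deliberately small; the `scan_tree` function walks a real directory with the same logic.

```python
"""Sensitive data discovery: find primary account numbers (PANs) stored in plain text.

Added example, not Sword & Shield tooling. The sample files and the prefix
table are constructed for illustration; the PANs are published test numbers.
"""
import os
import re

# Constructed sample "files" (path -> contents) standing in for a file share.
SAMPLE_FILES = {
    "finance/ar_export.csv": (
        "cust_id,name,pan,amount\n"
        "101,A. Smith,4111111111111111,19.99\n"
        "102,B. Jones,5500 0000 0000 0004,42.00\n"
    ),
    "hr/phone_list.txt": "Reception 865-244-3500\nToll-free 800-810-1885\n",
    "it/shipping.log": "order 4111111111111112 shipped\nUPS 1Z999AA10123456784\n",
}

# 13 to 19 digits, optionally separated by spaces or dashes, not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Assumption: a small issuer identification table; a real tool carries the full brand ranges.
IIN_PREFIXES = {
    "visa": ("4",),
    "mastercard": tuple(str(n) for n in range(51, 56)),
    "amex": ("34", "37"),
    "discover": ("6011", "65"),
}


def luhn_ok(digits):
    """Luhn check digit: every card brand uses it, random digit runs pass it only 1 in 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def issuer(digits):
    """Brand name for the leading digits, or None if no known prefix matches."""
    for brand, prefixes in IIN_PREFIXES.items():
        if digits.startswith(prefixes):
            return brand
    return None


def mask(digits):
    """Keep the first six and last four digits, the most PCI DSS permits to be displayed."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text):
    """Return [(masked_pan, brand)] for every likely PAN in text, in order of appearance."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):  # drops phone numbers, order IDs, tracking numbers
            continue
        brand = issuer(digits)
        if brand is None:  # Luhn-valid but not a card prefix we recognise
            continue
        hits.append((mask(digits), brand))
    return hits


def scan_files(files):
    """Map path -> findings for every file that contains at least one likely PAN."""
    report = {}
    for path, content in files.items():
        hits = find_pans(content)
        if hits:
            report[path] = hits
    return report


def scan_tree(root):
    """Walk a directory and run scan_files over every readable file in it."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                files[path] = fh.read()
    return scan_files(files)


if __name__ == "__main__":
    for path, hits in scan_files(SAMPLE_FILES).items():
        for masked, brand in hits:
            print(f"{path}: {brand} {masked}")
```

Plain-text files are the easy part: a discovery scan that is going to satisfy a QSA also has to look inside databases, spreadsheets, mailboxes and archives, and the report should carry only masked values so that the scan itself does not become a new place where full PANs are stored.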