Why self-assess PCI DSS?
Are you an e-merchant carrying out fewer than 6 million banking transactions? Do you store, process or transmit bank data? Does your bank ask you to comply?
Features
- SaaS application developed by XMCO QSA experts
- Practical advice at every step
- No technical vocabulary
- Contextualization of questions according to your business
- Complete French translation
- A pre-populated SAQ detailing all PCI DSS requirements
- Downloadable SAQ
- Educational training modules to train your teams
- Quizzes to test your knowledge
You are in good hands
XMCO is present in all major business sectors in France. We owe the trust our customers place in us to an ambitious quality approach.
Do you have questions?
- Why should companies submit to the PCI DSS compliance process?
Bank cards are the most widely used means of payment for e-merchants and for dematerialized sales, but payment and bank card data is subject to many threats. PCI DSS is a global payment card data security standard, created and recognized by bank card operators. This is why PCI DSS is essential for companies that record transactions. Complying with it helps a company establish trust with its bank, its partners, and the customers who pay online.
- Is certification compulsory?
No, and moreover the certification process is rarely voluntary! It is often at the request of banks and service providers, or out of fear of the GDPR, that the CB payment platform adopted by the merchant must meet PCI DSS compliance requirements. This is why some merchants adopt the strategy of going through certified service providers, to whom they transfer the responsibility for the payment process. Other strategies can also be adopted, such as not going for certification… However, if the company wants to manage payments, it is strongly advised to adhere to the PCI DSS standard.
- What if the self-assessment offered by Evidence is not enough?
For cases that fall outside the SAQ boxes, we offer support. Unlike the SAQ self-assessment, going through a consulting firm allows the issuance of a certificate signed by a QSA2 firm, which ensures a transfer of responsibility and compliance with partners and banks.