PCI CONSULTING AUSTRALIA is an accredited Qualified Security Assessor (QSA) firm  as recognised by the PCI Security Standards Council. Our personnel all have over 5 years dedicated PCI experience as QSAs or consultants in their own right with a mix of technical, project management, auditing, and banking experience.

QSAs are regarded as the industry experts who can provide final certification to entities involved in storing, processing or transmitting cardholder data.

We maintain a loyal client base from previous project work including charities, government entities, service providers, and technology companies.

We believe that PCI DSS compliance is much more than an IT project. A common mistake businesses make is lumping the entire project on IT, getting 70% there and getting stuck as there’s no buy-in from finance, operations and all other personnel handling cardholder data. Our approach is to not only define the Cardholder Data Environment (CDE) but work with key stakeholders so that the business as a whole embraces the PCI concept, thus ensuring ongoing compliance is maintained.

The PCI Security Standards Council (PCI SSC) dictates that QSAs have IT experience in a number of different fields. That can result in some QSAs having supreme technical knowledge but cannot run a project! We believe in the personal touch and working with clients to achieve their compliance goals.

If you had to sum us up in one word it would be ‘pragmatic’. It’s often used when clients refer us to other contacts. Some of the PCI Requirements are ironclad (no storage of CVV, quarterly external scans) but many are interpretive so we strive to find the best solution that answers the key question without breaking the bank balance: ‘Is it secure?’

Our strength is in many areas including IT, project management, Acquirer and Card Scheme industry awareness, and of course superior customer service. It’s one thing to tell someone they’re non-compliant. It’s another to assist in devising realistic solutions. A QSA who merely assesses without offering support isn’t much use to you in our book!

We also have a technical team to assist with implementations, architecture, configuration settings, or setting up alerting and scanning tools. We also have a suite of policies to offer as templates to shape to fit your environment.

We are accredited to complete assessments in all of Asia-Pacific but our personnel are all Australian based. We are actively assessing in New Zealand and are happy to travel.

We also offer expertise in ISO 27001 and GDPR spaces as a value-add service due to client demand, and their increasing compliance needs. We recruited specialist consultants in 2019 to diversify our offerings.