In this article GetPCI project manager Dmitrii Petrashchuk answers 15 questions about PCI DSS standard certification.
His answers will give you more information about what business representatives should pay attention to before undergoing certification.
What is the GetPCI project? What purpose was it created for?
We set up the GetPCI project (getpci.com) at the beginning of 2017. We realized that there were almost no websites in Ukraine that explained, in plain language, the PCI DSS standard and the need to protect payment card data to representatives of small and medium-sized businesses.
The consulting market for PCI DSS certification had already developed, but it had always concentrated on large businesses – big banks, processing centers and payment gateways. Small business representatives (trading and travel companies, hotels, shops and web portal developers) often lacked a source of information about payment card security and the procedure for undergoing PCI DSS standard certification.
Our GetPCI project provides complete information to any type of business.
It is very important for executives and business representatives to be informed about this before ordering PCI DSS standard certification services for their companies. After all, there are often cases in which companies, lacking the necessary information about the PCI DSS standard, spend a lot of money inappropriately.
What is the PCI DSS standard?
The VISA and MasterCard payment systems have developed a number of requirements. These requirements must be met by everyone who accepts payment cards or participates in processing card data. PCI DSS is a security standard, so it is very important for companies to comply with it.
What services do you provide your clients with?
Our clients are lucky, as they can get the widest range of services. All of our services are aimed at helping to improve the company's safety and security.
In addition to auditing and PCI DSS standard certification, we assess the security of the company's network and applications and identify and analyze vulnerabilities. Another very important service is incident investigation, for example after a virus infection or data theft.
We offer our customers internal policy development and advice on all cybersecurity issues.
In the field of cybersecurity, we can provide our customers with any kind of service permitted by law.
Who are your customers?
Our customers are all those companies that are trying to develop their business, are looking for new opportunities and are ready to do it in the same way as the whole modern business world does.
These are companies that consider cybersecurity not a limitation but an incentive for development or a path to new opportunities.
What do your customers get as a result?
By cooperating with us, our clients gain confidence that their data and their customers' data are protected. They have no need to worry: they have undergone PCI DSS certification, their business is protected, and there should be no problems with the regulatory authorities: VISA, MasterCard, IATA, etc.
What additional benefits will a client who has decided to complete PCI DSS certification reap?
The benefits are evident: a general increase in the company's resilience against cyber attacks and other security violations.
As an example, take the case of one of our clients (a bank whose name we will not disclose). In June 2017 there was a large-scale hacking attack in Ukraine that affected thousands of companies, including our client. But the part of the bank's network that processes card data was not affected by the virus. It had previously undergone certification of compliance with the PCI DSS standard. The business kept running.
This suggests that there are many benefits, and they are especially tangible when companies bear the brunt of hacking attacks.
Who is your team? What kind of people are they?
We have gathered a team of true professionals, each of whom has 5 to 20 years of experience in various industries: trade, finance, manufacturing and government institutions.
Each of them holds a certificate confirming high qualification in one area or another. Some auditors have not only PCI DSS-related certificates but also 5-6 certificates confirming high qualification in other areas of information security.
Why are you involved with this project?
I have been advising various companies on cybersecurity since 2003.
When the PCI DSS standard appeared in 2007, I added it to my arsenal as the most practical and concise set of requirements.
It gives me great pleasure to see with my own eyes how the cybersecurity of Ukrainian companies is improving, and I understand that I am making a certain contribution to the development of my country.
What goals does your team have? What level do you want to reach in this business?
Our goal is to become the number-one source of information about the PCI DSS standard in Ukraine. We have lined up not only the launch of the getpci.com portal but also trainings, seminars, webinars, article publishing, information booklets and, of course, a YouTube channel.
We are going to create a lot of projects and establish ourselves as a leader in this market niche.
What would you warn your future customers against?
Companies that are thinking about cybersecurity or planning to get a PCI DSS certificate should be very careful about choosing a service provider in this field. It is necessary to drill down into everything beforehand and not to chase the cheapest offer, because you may get a result you did not expect or simply spend money for nothing.
It is very important for business representatives to understand that the PCI DSS certificate is not a formal piece of paper; it is real testament to the fact that the company is actually concerned about its security.
Every company is concerned about saving its budget. Is it possible to set up a cybersecurity system with a limited budget?
You can set up a cybersecurity system with any budget. Everything depends on how many resources and how much time the company is ready to allocate, and what part of its structure it is ready to place under the control of external consultants.
Successful businesspeople understand that in order to remain successful they need to concentrate on their core business processes. All issues related to security precautions and passing PCI DSS standard certification can be handed over to professionals.
Can your customers expect discounts?
Our company offers a discount system for customers who undergo PCI DSS standard certification repeatedly or sign long-term contracts with us.
We also run special promotions tied to our outreach activities: seminars, webinars, etc., where we offer our customers attractive prices.
What do you do if you realize that you can’t finish your job on time?
Setting up a cybersecurity system and PCI DSS standard certification are processes in which both parties – the consultant and the customer – take part. That is why we have developed flexible deadlines for undergoing certification, in order to enable our customers to allocate their time and resources optimally.
Even if there are delays, it is because the customer takes a long time to eliminate everything that does not meet the standard's requirements. We meet our commitments on time and do our best to make cooperating with our company convenient and comfortable for the customer.
A businessman who wants to buy a small shoe store chain has approached your company. What can you advise him? What should he pay attention to?
First of all, he should open an online store. It is worth paying attention to the convenience of payment methods in the store and on the website, so that customers can easily pay using VISA payWave and MasterCard PayPass.
If this businessman plans to sell shoes to people under forty, he needs to build a mobile app.
And most importantly, he needs to find professionals who will help analyze all threats and risks and set up a cyber defense system. It is very important to undergo PCI DSS certification, which guarantees business security.
Is there any advice you can give to future customers?
It is always necessary to understand that cybersecurity becomes more expensive over time. If your company's computer system is hacked, it will cost you much more than creating your own security system and undergoing PCI DSS standard certification.