The Foregenix team have been closely involved with the Payment Card Industry Data Security Standard (PCI DSS) since its inception, with one of our directors being a significant contributor to the Visa Account Information Security (AIS) program – one of the security programs used to develop the initial version of the PCI DSS.
We understand PCI DSS and we understand the challenges that most businesses have in achieving and maintaining compliance. Our approach is focused on securing your business assets – which includes your customer payment card data.
Our experience in the PCI arena has enabled us to develop a highly successful and effective methodology for helping our clients to manage their risk and achieve PCI DSS Compliance.
We aim to build a lasting relationship with our clients, and our services and attitude reflect this approach.
Foregenix was the first assessor in the world to be accredited by the Payment Card Industry Security Standards Council (PCI SSC) to guide and assess payment applications against its Point-to-Point-Encryption (P2PE) standards.
An onsite review and gap-analysis providing a structured framework and guidance to establish a baseline level of compliance.
A thorough review of the application logic to identify any security weaknesses or flaws.
Penetration Test services provide a comprehensive and thorough analysis of a network and application's security and thus offer protection against potential compromise.
An evidence gathering session with a P2PE Qualified Security Consultant to complete the final Report of Validation, which is submitted for final approval to the appropriate card schemes and PCI SSC.
The Foregenix PA-DSS services are delivered by one of the industry's leading PA-QSA teams, with substantial experience and skills throughout our team. Our approach is consultative and flexible in supporting our clients through the compliance process.
An on-site review and gap analysis providing a structured framework and guidance to establish a baseline level of compliance and to address areas of non-compliance. This essential service forms the basis of a successful compliance program.
A thorough review of the web application logic, with credentials, to identify any security weaknesses or flaws. Any issues identified are always explained thoroughly in easy-to-absorb language, and remediation advice is provided.
An on-site evidence gathering session with a Payment Application Qualified Security Consultant (PA-QSA) that leads to the completion of the final Report of Validation. Upon satisfactory completion, the Report is submitted for final approval to the appropriate card schemes and PCI Security Standards Council.
As a PCI Qualified PIN Assessor (PCI QPA), we offer a professional and focused PCI PIN assessment service, utilising personnel with years of industry experience conducting such assessments. Our service is delivered across the UK, North America, CEMEA, LATAM and Asia Pacific Regions.
With years of experience with PCI PIN (and additional PCI standards), we are able to offer our clients well-informed guidance and a well-supported path towards compliance with the PCI PIN standard.
The onsite assessment will include interviews with key personnel, as well as required testing/sampling as defined by the PCI PIN Security Requirements.
This is produced offsite by the Foregenix consultant and details the findings of the onsite assessment. The report is then passed to the Foregenix QA Service.
In addition, our unique QA Service reviews the content and findings of the report to ensure it is presented to the Card Schemes in its best possible form, thereby making sure that the compliance review process with the Card Schemes is as seamless as possible.
"The QSA was very professional, but despite the seriousness of the audit, he managed to maintain a warm relationship with all team members, giving them the opportunity to correct their mistakes. The past 18 months really added a lot of value to us as a service provider and as such we were many a time prepared with the required evidence if customers approached us."