

Effective, knowledgeable, discreet.


Our team is the heart of what we do

The Foregenix team have been closely involved with the Payment Card Industry Data Security Standard (PCI DSS) since its inception, with one of our directors being a significant contributor to the Visa Account Information Security (AIS) program – one of the security programs used to develop the initial version of the PCI DSS.

We understand PCI DSS and we understand the challenges that most businesses have in achieving and maintaining compliance. Our approach is focused on securing your business assets – which includes your customer payment card data.

Our experience in the PCI arena has enabled us to develop a highly successful and effective methodology for helping our clients to manage their risk and achieve PCI DSS Compliance.

We aim to build a lasting relationship with our clients and our services and attitude reflect this approach.

Security first, then compliance.


World-leading P2PE experts

Foregenix was the first assessor in the world to be accredited by the Payment Card Industry Security Standards Council (PCI SSC) to guide and assess payment applications against its Point-to-Point-Encryption (P2PE) standards.

Our P2PE Certification Services include:

Pre-Compliance/Gap Analysis

An onsite review and gap-analysis providing a structured framework and guidance to establish a baseline level of compliance.


Penetration Testing

Penetration Test services provide a comprehensive and thorough analysis of a network and application's security and thus offer protection against potential compromise.


Application Testing

A thorough review of the application logic to identify any security weaknesses or flaws in the application logic.


Final Compliance Audit

An evidence gathering session with a P2PE Qualified Security Consultant to complete the final Report of Validation, which is submitted for final approval to the appropriate card schemes and PCI SSC.

PA-DSS Compliance

The Foregenix PA-DSS services are delivered by one of the industry's leading PA-QSA teams with substantial experience and skills throughout our team. Our approach is consultative-led and we maintain a flexible approach in supporting our clients through the compliance process.

Foregenix provide an experienced, well-supported PA-DSS Compliance Service.

Pre-Compliance/Gap Analysis

An on-site review and gap analysis providing a structured framework and guidance to establish a baseline level of compliance and to address areas of non-compliance. This essential service forms the basis of a successful compliance program.

Web Application Testing

A thorough review of the web application logic, with credentials, to identify any security weaknesses or flaws in the application logic. Any issues identified are always explained thoroughly in easy-to-absorb language and remediation advice is provided.

Final Compliance Audit

An on-site evidence gathering session with a Payment Application Qualified Security Consultant (PA-QSA) that leads to the completion of the final Report of Validation. Upon satisfactory completion, the Report is submitted for final approval to the appropriate card schemes and PCI Security Standards Council.

The PA-DSS programme will sunset October 2022 and at the moment, only administrative, low and high impact changes are supported to currently listed payment applications. The PCI SSC has introduced the PCI Software Security Framework (SSF) to replace the PCI Payment Application Data Security Standard (PA-DSS).


PCI QPA (PCI PIN Compliance)

As a PCI Qualified PIN Assessor (PCI QPA), we offer a professional and focused PCI PIN assessment service, utilising personnel with years of industry experience conducting such assessments. Our service is delivered across the UK, North America, CEMEA, LATAM and Asia Pacific Regions.

With years of experience with PCI PIN (and additional PCI standards), we are able to offer our clients well-informed guidance and a well-supported path towards compliance with the PCI PIN standard.

As required by the PCI PIN Security Requirements we will carry out the following:

PCI PIN Onsite Assessment

The onsite assessment will include interviews with key personnel, as well as required testing/sampling as defined by the PCI PIN Security Requirements.

PCI PIN Security Report

This is produced offsite by the Foregenix consultant and details the findings of the onsite assessment. The report is then passed to the Foregenix QA Service.

Quality Assurance

In addition, our unique QA Service reviews the content and findings of the report to ensure it is presented to the Card Schemes in its best possible form, thereby making sure that the compliance review process with the Card Schemes is as seamless as possible.

The Foregenix QA Service is delivered by a highly knowledgeable team who are very familiar with the Card Schemes and their specific requirements.


"The QSA was very professional, but despite the seriousness of the audit, he managed to maintain a warm relationship with all team members, giving them the opportunity to correct their mistakes. The past 18 months really added a lot of value to us as a service provider and as such we were many a time prepared with the required evidence if customers approached us."

Madelein Botha
Senior Specialist


Speak with us

Start your PCI project today

We aim to understand your data security challenges - no matter the size of your project.

We're a world-leading QSA, having completed hundreds of PCI DSS Assessments since our inception.

Effective, knowledgeable & discreet - talk to us today.