Protect yourself and your customers when taking payments, and become a trusted partner for online transactions.

Reflare’s strategic alliance with Dot.Bit delivers cost-effective PCI DSS solutions for your technologies and teams. Our integrated training and audit offering helps you achieve your compliance requirements.

Reflare Powered by Dot.Bit

Payment Processors

The standard represents a baseline of technical and operational requirements designed to protect cardholder data and is maintained by the PCI Security Standards Council.

The council is a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.


The Six Principles

The core of the PCI DSS is a group of six principles and accompanying requirements, around which the specific elements of the data security standard are organised.

1.  Build and Maintain a Secure Network and Systems
2.  Protect Cardholder Data
3.  Maintain a Vulnerability Management Program
4.  Implement Strong Access Control Measures
5.  Regularly Monitor and Test Networks
6.  Maintain an Information Security Policy


Transaction Safety

PCI DSS is designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.

It is aimed at ALL entities involved in payment card processing (merchants, processors, acquirers, issuers, and service providers) as well as ALL other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD).


Validation Levels

There are two validation levels for service providers, which are based on annual transaction volumes and the type of provider you are.

Your validation requirements may include:

-  Quarterly onsite assessments by a QSA
-  Detailed Report on Compliance (RoC)
-  Attestation of Compliance (AoC)
-  Annual self-assessment questionnaire
-  Quarterly network scan by an ASV


Validation Levels

There are four validation levels for merchants, each based on volumes ranging from fewer than 20 thousand to greater than 6 million transactions per year.

Your validation requirements may include:

-  Annual onsite assessments by a QSA
-  Detailed Report on Compliance (RoC)
-  Attestation of Compliance (AoC)
-  Annual self-assessment questionnaire
-  Quarterly network scan by an ASV

Compliance Certification for Payment Card Data Security

Process Steps

-  Requirement Clarification: Help you understand the requirements and how they apply to your environment, and set the scope for assessment.
-  Gap Analysis: Perform a gap analysis and provide a detailed report on the findings.
-  Compliance Audit: Undertake the mandatory IT audit required by PCI DSS.
-  Security Assessments: Perform mandated cyber security assessments such as vulnerability scanning, penetration testing, and ASV scans.
-  Mitigation Planning: Create a mitigation action plan and provide detailed guidance to address all findings.
-  Documentation Creation: Create necessary IS documentation, policies, and procedures.
-  Staff Training: Upskill your developers and administrators to meet compliance requirements.
-  Control Implementation: Implement technical solutions and security controls.
-  Compliance Submission: Perform the final orders and submit the Report on Compliance (RoC) and Attestation of Compliance (AoC).

Before engaging in the final audit, our professional consultants will guide and prepare you for the certification process. The team of highly skilled Qualified Security Assessors (QSA) will perform the audit. Upon determining your compliance, they will submit the RoC and AoC to attest to the results of your PCI DSS assessment.