With offices in the USA, Canada, UK and Australia, PSC is a leading PCI and PA DSS assessor and Approved Scanning Vendor. PSC is one of an elite few companies qualified globally to provide expert services and solutions to organizations that require specialist compliance or consulting support in the areas of Payments, Security or Compliance.
PSC's focus is exclusively on Clients that accept or process payments or technology companies in the payment industry. All staff at PSC have either worked within large merchant/retail organizations or service providers. Each executive at PSC has held executive management positions with responsibilities for payments and security.
PSC's approach includes a high-touch, hands-on methodology that helps guide our Clients from consideration of strategic alternatives all the way through implementation and sustaining activities. The PSC team works closely with Clients to understand their objectives, produce pragmatic and actionable plans, and aid in execution as required.
Compliance
PSC's unique service offering in this area focuses on managing sustaining compliance activities to reduce deviations and exceptions; establishes a transition plan and compliance activities to meet new security standards; reduces annual PCI DSS assessment time and overall effort by managing continual compliance demonstration; and increases compliance by elimination of compensating controls and monitoring of important security activities. Maintaining PCI DSS compliance between assessments is an extremely challenging proposition; it cannot be considered a once-a-year event.
Cyber Security Training
Training has become increasingly important for any organization wishing to obtain certification to any standard (PCI, ISO, AICPA, etc.). PSC offers a range of training solutions individually tailored to the needs and employee requirements of the organization. With a highly interactive presentation style, PSC trainings offer hands-on workshops, exercises, and technical and non-technical written tests (depending on course type and requirements). Every student receives a certificate of completion that may be eligible for CPEs.
Cybersecurity Consulting
PSC recognizes that businesses in the payment card industry have non-breach related needs for forensic consulting related to PCI and PII, including assessing overall security and compliance posture. PSC offers a highly specialized forensic payment application analysis to assess the security of existing payment applications, systems and underlying architectures.
Incident & Breach Response
In the case of a breach, PSC works with the client to re-establish business continuity as quickly as possible. PSC uses the latest tools and techniques to perform a detailed forensic review. After the onsite review has been concluded, PSC produces a forensic report that details the nature of the breach and its root causes, and provides remediation steps and recommendations.
PCI Forensic Investigators
PSC is certified by the PCI Security Standards Council and card brands as a PCI Forensic Investigator (PFI) Company. When an entity that stores, processes, or transmits payment card data is compromised and is the subject of a security issue, that entity may be required to engage a PFI to assess and report on the breach. With employees in 15 states across North America and operations in Europe, PSC is ideally located to support your PFI needs, be it San Francisco, New York, London or Berlin.
Web Application Security
The goal of Web Application Security Testing is to provide a thorough review of web-based software applications or web services for any security defects that may exist within the software and could lead to a breach or compromise. PSC will utilize both automated and manual tests that are customized for the specific application. The test will examine communications between the client (browser) and the server to first understand how the application was designed. With this information, PSC will analyze the design for components of the application that will be targeted during the testing. Targets will be tested for their resilience to unexpected or malicious input, boundary cases, and the ability to recover when the application has reached an unexpected state. Internet-facing applications can be tested remotely from PSC’s Security Lab. Applications that are not available to the general public are tested onsite. Testing is based on the Open Web Application Security Project (OWASP), CWE Top 25