PCI Data Security Standards

PCI Compliance - Today and Tomorrow


If you store, process, or transmit credit card data, your business is subject to the Payment Card Industry Data Security Standards (or PCI DSS), a set of security rules designed to curb costly breaches and thefts across the industry. As a certified PCI Qualified Security Assessor (QSA), LBMC offers a full suite of payments-related data security services to help you attain and demonstrate compliance today.

Our PCI Compliance Services

PCI Gap Analysis/Readiness Assessment

We review compliance efforts performed to date, interview key staff and perform detailed testing procedures. This process will prepare you for a PCI audit and ensure that your PCI self-assessment questionnaire accurately represents your compliance status.

3 Steps to Readiness

PCI Remediation and Roadmap

A readiness assessment may find that some PCI controls are ineffective or inconsistent with PCI DSS 3.2. Once the readiness assessment is complete, we can estimate the effort required for remediation. Remediation might include policies, software or hardware controls, or segmenting your network to reduce the cost of PCI compliance.

Internal Penetration Assessment

Step 1: System Discovery and Enumeration

Step 2: Profile Targets Via Vulnerability Testing

Step 3: Exploitation and Penetration Testing

Step 4: Comprehensive Vulnerability Assessment

Step 5: Results Analysis and Reporting

External Penetration Assessment

Wireless Network Penetration Testing

Social Engineering

Web Application Security Assessment

Dynamic Web Application Security Assessment

PCI Full Scope Audit and Report on Compliance (RoC)

As far as the PCI Security Standards are concerned, only Level 1 merchants (typically big-name chain retailers) have to submit their Report on Compliance. But many acquirers require an RoC regardless of your size, and the decision is up to them. After leading you through the audit process and completing the documentation needed to comply with PCI DSS, we issue the final Report on Compliance to the appropriate parties.

3 Steps to RoC Success

ASV Quarterly Scanning

PCI requirement 11.2.1 requires quarterly vulnerability scans by an Approved Scanning Vendor (ASV). LBMC’s ASV service includes unlimited scans for one year, a secure portal for completing the relevant self-assessment questionnaire, scheduling/administering your scans, and electronic filing with acquiring banks if desired.  The client can use the ASV system on demand at any time.

Understanding PCI 11.2.1 (especially part 11.2.1b!)

Download Our Free PCI 3.2 Compliance Guide

This is the second edition of our popular, 34-page PCI compliance guide. It has been thoroughly updated for the 3.2 version of the PCI DSS standard that became official in May of 2016.

  • Chapter 1: What is PCI DSS? How did it get started, and why is it important?
  • Chapter 2: How do merchants demonstrate PCI compliance?
  • Chapter 3: How can businesses assess their compliance readiness?
  • Chapter 4: How can merchants secure their card data effectively and close compliance gaps?
  • Chapter 5: How does the Report on Compliance process work, and where is PCI heading in the future?
  • Chapter 6: PCI version 3.2 – What’s new?

PCI compliance is critical for businesses that rely on credit card payments. PCI Compliance Guidelines gives organizations critical information and best practices to meet their PCI compliance deadline in a timely, efficient manner.

Download your copy of PCI Compliance Guidelines Explained

Request a Quote for PCI Services

Do you need to know the cost of PCI security and compliance services for budgeting? Are you ready to move forward and need a quote? Our automated system will prompt you for the information we need to begin assessing your PCI compliance posture.

Request a PCI Services Quote

About LBMC Information Security

We are a nationally-recognized, award-winning IT security and compliance firm with more than 20 years of experience.


  • Fellows of ISSA, the Information Systems Security Association, an honor reserved for 2% of ISSA members worldwide.
  • Information Security Magazine “Security 7” top seven security leaders.
  • ComputerWorld’s Premier 100 IT Leaders in America
  • Southeast Information Security Executive (ISE) of the Year.

We offer the full spectrum of penetration testing, security architecture, risk assessment, and IT compliance services.


Contact Us

PCI compliance isn't easy, but it doesn't have to be hard. To begin your path to credit card security and compliance, contact us, call 1-844-526-2732, or request a callback for a time of your convenience.
