
PCI Qualified Security Assessor (QSA)

If you store, process, or transmit credit card data, your business is subject to the Payment Card Industry Data Security Standards (or PCI DSS), a set of security rules designed to curb costly breaches and thefts across the industry. As a certified PCI QSA, LBMC offers a full suite of payments-related data security services to help you attain and demonstrate compliance today.

Our PCI Data Security Standards Services

PCI Gap Analysis/Readiness Assessment

We review compliance efforts performed to date, interview key staff and perform detailed testing procedures. This process will prepare you for a PCI audit and ensure that your PCI self-assessment questionnaire accurately represents your compliance status.

PCI Remediation and Roadmap

A readiness assessment may find that some PCI controls are ineffective or inconsistent with PCI DSS 3.2. Once the readiness assessment is complete, we can estimate the effort required for remediation. Remediation might include policies, software or hardware controls, or segmenting your network to reduce the cost of PCI compliance.

PCI Penetration Testing

Testing to assure compliance with PCI DSS Section 11.3. Internal and external testing of the application layer, network layer, wireless networks, and social engineering. The methodology, scoping, and reporting processes align with the PCI DSS 3.1 requirements for penetration testing, including the CDE boundary validation requirements in PCI DSS 11.3.4.

Internal Penetration Testing

Step 1: System Discovery and Enumeration

Step 2: Profile Targets Via Vulnerability Testing

Step 3: Exploitation and Penetration Testing

Step 4: Comprehensive Vulnerability Assessment

Step 5: Results Analysis and Reporting

External Penetration Testing

External Penetration Assessment

Wireless Network Penetration Testing

Social Engineering

Web Application Security Assessment

Dynamic Web Application Security Assessment

PCI Full Scope Audit and Report on Compliance (RoC)

As far as the PCI Standards are concerned, only Level 1 merchants (typically big-name chain retailers) have to submit their Report on Compliance. But many acquirers require an RoC regardless of your size and the decision is up to them. After leading you through the audit process and completing the documentation needed to comply with PCI DSS, we issue the final Report on Compliance to the appropriate parties. 

ASV Quarterly Scanning

PCI requirement 11.2.1 requires quarterly vulnerability scans by an Approved Scanning Vendor (ASV). LBMC's ASV service includes unlimited scans for one year, a secure portal for completing the relevant self-assessment questionnaire, scheduling/administering your scans, and electronic filing with acquiring banks if desired. The client can use the ASV system on demand at any time.

Download Our Free PCI 3.2 Compliance Guide

This is the second edition of our popular, 34-page PCI compliance guide. It has been thoroughly updated for the 3.2 version of the PCI DSS standard that became official in May of 2016.

  • Chapter 1: What is PCI DSS? How did it get started, and why is it important?
  • Chapter 2: How do merchants demonstrate PCI compliance?
  • Chapter 3: How can businesses assess their compliance readiness?
  • Chapter 4: How can merchants secure their card data effectively and close compliance gaps?
  • Chapter 5: How does the Report on Compliance process work, and where is PCI heading in the future?
  • Chapter 6: PCI version 3.2 – What's new?

PCI compliance is critical for businesses that rely on credit card payments. PCI Compliance Guidelines gives organizations critical information and best practices to meet their PCI compliance deadline in a timely, efficient manner.

Download your copy of PCI Compliance Guidelines Explained

Get a Quote on PCI Services

Do you need to know the cost of PCI security and compliance services for budgeting? Are you ready to move forward and need a quote? Our automated system will prompt you for the information we need to begin assessing your PCI compliance posture.

About LBMC Information Security

We are a nationally-recognized, award-winning IT security and compliance firm with more than 20 years of experience.


  • Fellows of ISSA, the Information Systems Security Association, an honor reserved for 2% of ISSA members worldwide.
  • Information Security Magazine "Security 7" top seven security leaders.
  • ComputerWorld's Premier 100 IT Leaders in America.
  • Southeast Information Security Executive (ISE) of the Year.

We offer the full spectrum of penetration testing, security architecture, risk assessment, and IT compliance services.


Contact Us

PCI compliance isn't easy, but it doesn't have to be hard. To begin your path to credit card security and compliance, contact us, call 1-844-526-2732, or request a callback for a time of your convenience.
