PCI Audit

Padlock and stack of credit cards on top of laptop

A PCI compliance audit assesses a merchant’s point-of-sale (POS) system by examining it, identifying vulnerabilities and instituting precautions to prevent data from being compromised. There are two basic reasons that a business that accepts credit cards would be required to have an onsite assessment of their cardholder data environment:

  1. The Payment Card Industry Data Security Standard (PCI DSS) requires that Level 1 merchants (primarily big-box stores and major corporations) undergo an annual internal audit as part of the PCI compliance process.
  2. Merchants in Levels 2 through 4 are required to undergo a PCI compliance audit if they suffer a data security breach, or if their merchant services provider determines that they have an increased risk of data breach.

A PCI compliance audit must be conducted by a Qualified Security Assessor (QSA) approved by the Payment Card Industry Security Standards Council (PCI SSC). He or she evaluates all aspects of your security infrastructure — from policies and procedures to systems and networks — and provides you with a risk assessment that is the basis for improving your data security. Think of it as your roadmap for achieving or reclaiming your PCI compliance.

After reviewing the assessment and prioritizing the points that need attention, the QSA will provide you and your employees with security awareness training to bring you up to date with current PCI standards.

As part of the ongoing PCI compliance process, it is your responsibility to implement the changes noted in the QSA’s audit report, known as the Report on Compliance (ROC). The QSA can act as a consultant or manage the process. This is part of the 3-step Assess/Remediate/Report approach to PCI DSS compliance process advocated by the PCI SSC:

Assess: Identify cardholder data, take an inventory of your IT assets and business processes for payment card processing, and analyze them for vulnerabilities that could expose cardholder data.

Remediate: Fix vulnerabilities and do not store cardholder data unless you need it.

Report: Compile and submit required remediation validation records (if applicable), and submit compliance reports to the acquiring bank and card brands you do business with.

Rather than being something you should dread, a PCI compliance audit with a QSA can be a valuable tool to keep your business and your customers safe from a payment card data breach. TransFirst® is standing by to help you reach and maintain the highest level of PCI compliance.


Get Started Below

or Call 888.845.9457
Do you accept credit cards?
Are you a U.S.-based business?
What is your primary method of processing?
  • Your information is private and secure. We only accept U.S.-based businesses. We do not accept adult businesses


satisfied merchants, partners and vendors
See What Others Are Saying


Chat with a Professional!

Your information is private
and secure.We only
accept U.S.-based
businesses. We do not
accept adult businesses.

©2017 Total System Services, Inc. TSYS® is a federally registered service mark of Total System Services, Inc. All rights reserved. TSYS Merchant Solutions is a registered ISO/MSP of Wells Fargo Bank, N.A., Walnut Creek, CA; Synovus Bank, Columbus, GA, and First National Bank of Omaha, Omaha, NE. TSYS Business Solutions is a registered ISO/MSP of Wells Fargo Bank, N.A., Walnut Creek, CA; Synovus Bank, Columbus, GA; and Deutsche Bank, New York, NY for Visa and Mastercard transactions only.