Agilient Security Consultants Australia

PCI Security Standards Council: Securing the Future of Payments


Payment Card Industry Data Security Standards (PCI DSS) are a set of standards for handling the information on payment cards securely, as prescribed by the Payment Card Industry Security Standards Council (PCI SSC). The PCI SSC was established in December 2004, when the previously separate standards and subsequent external audits for processing payments from American Express, Discover Card, JCB Co. Ltd, Mastercard and Visa were brought together, combining their security requirements into one contiguous regulation and one audit.


Organisations that process card payments are required to meet PCI DSS to an acceptable level at each regular audit. The audits are generally conducted yearly and are performed by PCI-accredited professionals working for PCI-accredited organisations. Accreditations are also renewed yearly, keeping the standards and auditors relevant to current threats and mitigations.

Apps for mobile devices that handle payment card information must also meet the Payment Applications Data Security Standards (PA DSS). PA DSS is assessed in a similar way to PCI DSS, and the assessment may be combined with PCI DSS assessments of the cloud infrastructure that supports the app.

Non-compliances discovered during the audits are rated Minor or Major, with each attracting an appropriate fine payable to the PCI SSC, ostensibly to offset the risk of fraud to the card companies. Major non-compliances or non-payment can result in withdrawal or cancellation of payment card processing for the company.

The PCI DSS and PA DSS standards are a collection of best practices and known working mitigations that significantly reduce the threat to payment card and cardholder information. This becomes more relevant considering the Privacy Act 1988 and the Part IIIC Notifiable Breaches amendment 2017. Applying parts of the standards to other areas of infrastructure may also provide some assurance there.

The PCI SSC only recognises audit results from PCI Qualified Security Assessors (PCI QSA), which are certified security companies and individuals. PCI DSS and PA DSS audits require highly trained and continuously certified QSA auditors to conduct the yearly inspections. Re-visits to verify rectification of issues can be costly and may be difficult to schedule.

The rate of change in modern markets is increasing, with Agile project frameworks and DevOps accelerating growth and requiring companies to adapt in order to remain competitive. Add to this the need to engage PCI QSA auditors, and PCI compliance can be a stressful time for companies, especially IT Managers and Security Officers.

Recommendations

Corporations can lower costs and increase assurance by using security companies that understand the pace of modern businesses and standards compliance, without taking on the overhead of QSA certification themselves.

Further, PCI DSS is the “Gold Standard” measure for financial services infrastructure and may be used to give assurance of security levels around elements of infrastructure not in scope for a PCI DSS audit – for example, international links or surrounding infrastructure in the wake of the SWIFT thefts and attacks.

Companies looking to achieve initial PCI DSS compliance may follow the prioritised approach published by the PCI SSC.

Agilient have the highest-calibre staff, including policy writers, auditors, project managers and technical staff to perform vulnerability analysis and penetration testing, who may be called on to assess security levels against any standard.

 

References and Resources

https://www.pcisecuritystandards.org/document_library

https://www.pcisecuritystandards.org/assessors_and_solutions/approved_scanning_vendors

https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme

https://www.oaic.gov.au/privacy-law/privacy-act/

Copyright © 2025 Agilient – Level 14, 275 Alfred St, North Sydney NSW 2060 Australia – 1300 341 692
