Our client, a major retailer, had experienced a data breach and was looking for a provider that could help it become PCI compliant very rapidly. (“PCI compliant” refers to the requirement that merchants who accept credit card payments adhere to the payment card industry (PCI) security standards for handling credit card data.) 

To help our client achieve their compliance objective, Protiviti’s Information Technology (IT) Security and Privacy professionals executed the following steps:

1. Proposed a PCI remediation approach to reduce scope and cost without compromising security effectiveness.
2. Designed and implemented a secure network architecture for the retail Internet business, scaled to handle 2,000 orders per hour.
3. Developed 30 policies related to IT processes and performed internal and external network security penetration tests.

Protiviti’s initial assessment found that the client was in compliance with about half of the necessary requirements.

Within six months, Protiviti’s professionals had designed and implemented a secure architecture, including secure encryption and tokenization of credit card numbers, intrusion detection, log consolidation and file integrity monitoring.

Following the completion of the project, Protiviti issued a report that validated our client’s compliance to the PCI standard.  (Note: Protiviti is a Qualified Security Assessor (QSA), Payment Application Qualified Security Assessor (PA-QSA), and Approved Scanning Vendor (ASV) company). 

How We Help Companies Succeed

As the business world’s communications and commerce become more electronically integrated, activities and technology assets require more protection. Security threats, vulnerabilities and information exposures challenge every organization today, creating risks that must be controlled and managed. Often, organizations do not know what risks they face or how they will manage them in the event of a security breach.

Protiviti provides a wide variety of security assessment, architecture, transformation and management services to help organizations identify and address potential security exposures (e.g., loss of customer data, loss of revenue, or reputation impairment to a customer) before they become problems. Our professionals apply industry standards and tools to identify gaps in architecture and processes that pose risks. Our professionals are available to assist management in the event of an incident to identify the source, reduce the risk and remediate the exposure.

​Jeffrey Sanchez
Managing Director
213.327.1433
jeffrey.sanchez@protiviti.com

Protiviti (www.protiviti.com) is a global business consulting and internal audit firm composed of experts specializing in risk, advisory and transaction services. The firm helps solve problems in finance and transactions, operations, technology, litigation, governance, risk, and compliance. Protiviti’s highly trained, results-oriented professionals provide a unique perspective on a wide range of critical business issues for clients in the Americas, Asia-Pacific, Europe and the Middle East.

Protiviti has more than 60 locations worldwide and is a wholly owned subsidiary of Robert Half International Inc. (NYSE symbol: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index.