Our mission is helping you to achieve compliance with the PCI DSS
Our team of consultants are Qualified Security Assessors (QSAs) with many years of commercial Information Technology and Information Security experience.
Our QSAs are here to support you on your journey to Payment Card Industry Data Security Standard (PCI DSS) compliance.
As QSAs, we are recognised PCI DSS professionals, assessing businesses for PCI DSS compliance in conjunction with the PCI SSC.
You, your systems and infrastructure are unique. This will always be reflected in the way we approach your compliance projects.
Did you know ...
Tokenisation can help you to reduce costs of ongoing compliance
Have a look at VISA’s best practices for tokenisation! Entities that properly implement and execute a tokenisation process to support their payment functions may be able to reduce the scope, risks and costs associated with ongoing compliance with the PCI DSS. More…
Point to Point Encryption is another technology that can help you reduce costs
Find out how this technology can be applied to your environment. It is all in the PCI Security Standards Council guidance papers on the use of point-to-point encryption (P2PE) and EMV technologies in a payment card data environment. Aimed at providing the market with greater clarity on how specific technologies relate to the PCI Security Standards and impact PCI DSS compliance, these papers are the first in a series of guidance documents the Council has committed to delivering as part of its ongoing assessment of emerging technologies. More…
Point-of-Sale Terminal Tampering is a Crime . . . and You Can Stop It
Increasingly, criminals with sophisticated tools are actively targeting vulnerable merchant point-of-sale (POS) terminals to steal payment card data and PINs for counterfeit fraud purposes… Acquirers, merchants, and processors can take appropriate steps to eliminate POS terminal weaknesses and the possibility of POS tampering. More…
The OWASP Top Ten: Security for your web applications
The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. When your environment is assessed, make sure the latest version of the OWASP Top Ten is taken into account. More…
Latest data losses
Data breaches are taking place all over the world. Would you like to see what is happening? DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide. More…
Official announcements
The PCI Security Standards Council releases the "PCI Tokenisation Guidelines"
Aug 2011 - Simon Sharp, one of the directors at illumis Ltd, forms part of the group of professionals who created the "PCI Tokenisation Guidelines". This Information Supplement is intended for merchants that store, process, or transmit cardholder data and are seeking guidance on how implementing a tokenization solution may impact the scope of their compliance efforts with the PCI DSS. Other payment industry stakeholders including payment processors, acquirers, service providers, assessors, and solution vendors may also find the information in this document useful. More…
ISSIG presents: Are you up-to-date? A fresh look at Information Security regulation
11th May 2011 - This one-day event will be of interest to all internal auditors and security professionals. The event will offer an ideal opportunity to network with fellow professionals from both public and private sectors. Speakers will cover:
ISO 27001/2 – How can this benefit your organisation? What are the advantages and disadvantages of implementing such a standard? [Presenter – Mark Towler/Martin Brooks, Deloitte]
PCI - an update – What are some of the challenges facing the industry today? What methodologies are available to help you? Why audit and maintain so much when you don’t have to? [Presenter – Simon Sharp, illumis]
The Tao of the Data Protection Act – What is the essence of the Data Protection Act? Where did it come from and why is it important? [Presenter – Richard Hollis, Orthus Ltd]
But what about the technology? – What are the typical technologies that an organisation needs to have in place to provide protection from unauthorised attack? [Presenter - Leon Ward, Sourcefire] More…
Learn how to Protect Telephone-Based Payment Card Data
March 18, 2011 - The PCI Security Standards Council (PCI SSC) today released an educational resource on PCI DSS requirements for securing cardholder data in audio recordings. The Protecting Telephone-Based Payment Card Data Information Supplement provides actionable recommendations to merchants and service providers for securely processing payment card data over the telephone. More…
VISA releases the Technology Innovation Programme for merchants
Feb 09, 2011 - VISA is introducing the Technology Innovation Programme (TIP) to recognise and acknowledge merchants in Visa Inc. regions outside of the United States that have taken action to prevent counterfeit fraud by investing in EMV technology. The programme specifically benefits those merchants that have made progress towards purchasing, deploying and enabling EMV point-of-sale (POS) terminals. More…