PCI DSS Services

Payment Card Industry Data Security Standard (PCI DSS)
CertBy, which is the sub-contracted authorized for the Payment Card Industry Data Security Standard (PCI DSS).

The Payment Card Industry (PCI) has developed Data Security Standards (DSS) that Merchants and Service Providers that process, transmit or store credit card data must strictly adhere to. Regardless of the amount of credit card transactions a merchant or service provider handles, they must comply with PCI DSS.

CertBy provides sub-contracted Qualified Security Assessor (QSA) Company service in Turkey and can offer its services to merchants and service providers in all of Turkey, Europe, Middle East and Africa, USA, Asia and other regions. CertBy can help you become fully compliant and/or review your operation to confirm that you are PCI DSS compliant.

One of the requirements is a quarterly scan by the Approved Scanning Vendor (ASV) to test for vulnerabilities on your website. CertBy can provide you with this service by subscribing to our online scanning portal.

Another very important requirement of PCI DSS is Vulnerability Analysis and Penetration Testing. We are proud to be able to offer this service not only as a way to meet the requirement, but also to ensure that all holes in the system are closed in a timely manner. Penetration testing involves a significant amount of manual testing. Testing is done both externally and internally and can be either a white box (WhiteBox) or a black box (BlackBox). Network and application layer tests are performed as part of the exercise. We are confident that our customers will find our rates extremely competitive for such a service. The test will be performed based on the latest version of PCI DSS.

We can assist you with PCI DSS Compliance and Certification. We are well aware that a one-dimensional approach to interpreting PCI DSS requirements does not work. In fact, it is this approach taken by some evaluators that has caused many companies to exceed time and budget in their adaptation efforts. We believe every company should be evaluated considering its size, resources, business constraints and risk exposure.

SAQ (Self-Assessment Questionnaires)


For merchants who need to verify eligibility through a Self-Assessment Questionnaire, we are happy to serve by helping to understand the intent behind the requirements, verifying whether the requirements actually exist, and working with the vendor to implement solutions. Although this is not a certification and therefore does not involve a significant amount of testing, we will walk you through the entire project until the end of a successful project.