Transform Customer Experience with Virtual Agents + Data + AI — Discover Now

PCI Compliance & Assessment

Online is pleased to be recognized as a PCI DSS Qualified Security Assessor Company in Gartner’s Market Guide for PCI DSS Qualified Security Assessment Services.

Payment Card Industry (PCI) compliance is the by-product of a robust security program. We help ensure that your program is sustainable while aligning with business objectives.

If you are an entity that stores, processes, or transmits cardholder data, or if your company provides services to organizations where you could impact the security of their payment card data environments, you are required to comply with the PCI DSS.

Organizations that don’t protect cardholder data are subject to penalties and fines, not to mention increased financial and reputational risk. Online's proven risk-based approach to PCI assessments while focusing strongly on business objectives, people, processes technology, and culture has helped hundreds of clients achieve and maintain PCI compliance.

Online speaks PCI DSS v4.0!

Our consultants have spent thousands of hours reviewing v4.0 and are prepared to help you interpret how these changes affect your environment.

To learn more about how these changes will impact you, visit our PCI v4.0 Resource Center. And remember - the sooner you fall behind, the more time you have to catch up!

Show me more

Asset Management

Cardholder and PII Data Discovery

Secure Code Training

PCI Readiness Assessments

PCI Trusted Advisor Consulting Services

Risk Assessments

Remediation Consulting including Prioritized Roadmaps

Penetration Test Services (Network, Application, and Segmentation)

PCI Assessments with Attestations of Compliance

Security Awareness Training

CASE STUDY: Asset Management and PCI Compliance

A Service Provider handling customer cardholder data (CHD) engaged with Online to address multiple significant technical, procedural, and time-based requirements.

To address these problems, Online's Service Management team performed a comprehensive evaluation of the network and application environment that included both on-prem and cloud based systems, utilizing the BMC Discover platform coupled with expert analysis from our team of consultants.

Online was pleased to be able to help the Client obtain an Attestation of Compliance for 2020, avoiding fines and potentially costly contractual issues with their customers. The Client has greatly improved their security and compliance posture and is well positioned to leverage this work to create a sustainable and optimized program in the future.

Read this story
BLOG: A QSA Reflects on the
COVID-Affected Security Landscape

Online's Sherri Collis became a Qualified Security Assessor (QSA) in March 2008, and has performed hundreds of assessments through the years.

The current COVID-19 circumstances have certainly changed the world of PCI assessments; however, this different process isn't necessarily a good change or a bad change, perhaps a bit of both. Join us in discussing how tools like GoToMeeting, Zoom, and Facetime have made remote assessments possible.

Keep Reading
BLOG: Business Resumption: Contact Centers

As businesses adapt to the changes in their operations due to the current state of our business landscape, the main question our Qualified Security Assessor's (QSAs) have been responding to is regarding how organizations can maintain PCI compliance while transitioning their contact centers (and associated business processes) to a "work from home" model.

Our team has responded by asking:

"Is this a permanent change, or a short-term change that is related to business resumption?"

Keep Reading
Expand Your Security Processes Past Compliance

Our Risk, Security and Privacy (RSP) team is committed to delivering RIGHT-SIZED SECURITY and helping our clients create and manage cost-efficient and risk-effective information security programs that are aligned with their unique needs and risk appetite.

show me more


BLOG: Secure POS Implementations
Gone Wrong

If you are a merchant with point of sale systems (POS) accepting the EMV(R) Chip, and/or if you have implemented a Point-to-Point Encryption (P2PE) solution, you may want to have a quick read and confirm the security posture of your POS implementation.

keep reading
BLOG: Cybersecurity is About Attitude, Culture...Not Strictly Compliance

Security is something you do continuously and diligently; not something you check off a "to do" list and then sit and relax. PCI has all the component parts to allow companies to adapt this state of due diligence.

keep reading




PCI Services, Risk, Security and Privacy

let's talk


Vice President

Risk, Security and Privacy

let's talk
Check out
Strategy & Roadmap
services at Online


Check out
Contact Center Consulting
services at Online


Check out
Digital Studio
services at Online