LONDON, UK: GRC International Group PLC (AIM: GRC), the international governance, risk management and compliance company whose main business is cyber defence-in-depth, announces that its IT Governance business is now providing Payment Card Industry (PCI) Qualified Security Assessor (QSA) services in the USA. 

The business has been authorised to operate in the US and now appears on the PCI Security Standards Council (PCI SSC) website.

PCI SSC is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide.

All businesses that accept payment cards are vulnerable to hackers trying to steal financial information and commit identity fraud. The Payment Card Industry Data Security Standard (PCI DSS) introduced by the PCI SSC, exists to ensure that businesses process credit and debit card payments effectively to protect cardholder data.

All organisations that accept, store, transmit, or process cardholder data must comply with the PCI DSS.

IT Governance’s new PCI QSA licence means that the business can now extend its Qualified Security Adviser services to the US.  It can undertake security audits on organisations that process payment cards and certify that they are compliant with the PCI DSS.

This investment is one of a number that are accelerating the growth of the Group’s US business, one of GRC’s medium-term strategic priorities.

Alan Calder, Chief Executive Officer, commented: “This important development reflects the quality of our service offering and technical expertise across our operations.

“This QSA license will enable us to provide a wider global service for existing customers and partners who have growing e-commerce and payment services business in the US. These types of PCI Consultancy contracts tend to be large and multi-year.

“It is also a demonstration of our international development strategy as we see considerable opportunities across the substantial US market. The US market has seen a significant increase in cybercrime which is resulting in an acceleration in governance, particularly as US PCI compliance has lagged behind the UK and the EU.”