Combining PCI DSS 3.0 and ISO 27001 for a Single, Comprehensive Framework

Nexusguard Consulting was invited to the Macau Productivity and Technology Transfer Centre (CPTTC) to discuss ways to implement PCI DSS 3.0, as well as how business can benefit from a single, comprehensive security framework.

"By implementing both PCI DSS 3.0 and ISO 27001, businesses can create a system that allows support for multiple regulations under a single framework," said Nexusguard Consulting Information Security Manager Ronald Pong.

Online payment is now commonly used for everything from online shopping to paying tuition fees. With endless accounts of information leaks and identity theft all around the world, credit card payment information has emerged as one of the most critical security risks for most individuals. For businesses, the security of online transactions is critical for building and retaining customer trust.

In light of this, the PCI Security Standards Council (PCI SSC) has recently released version 3.0 of its guidelines for securing online transactions, the PCI Data Security Standard (PCI DSS). The new revision bolsters the security of online credit card transactions through six new control objectives, which include 12 requirements for compliance. Since PCI DSS 3.0 emphasizes end-to-end improvements for the entire online transaction process, it will have implications for online payment platforms, financial institutions, and any other business that relies on online transactions.

Earlier this year, Nexusguard Consulting Information Security Manager Ronald Pong was invited by the Macau Productivity and Technology Transfer Centre (CPTTC) to discuss changes in PCI DSS 3.0, revisions in ISO/IEC 27001:2013, as well as applications and preparations for both. According to a report by Barclays, Macau’s entertainment industry grew 18.6 percent in revenue. Due to growth in industries like gaming, tourism, hospitality and construction, credit card transactions have also increased significantly.

Changes in regulations and industry standards tend to impact businesses, requiring time to understand the new regulations and explore ways to implement them. The new PCI DSS revision strengthens control over each link in the payment process, forcing businesses to review and enhance operations and processes. The most practical way to make the transition is by integrating new and old systems.

Pong believes that businesses may encounter difficulties if they simply adopt the security technologies required by PCI DSS 3.0, since existing IT platforms may not be able to accommodate the changes. He thinks that businesses can look to ISO 27001 for inspiration, focusing on making changes in three areas: following guidelines, assessing data and processing data. By implementing both PCI DSS 3.0 and ISO 27001, businesses can create a system that allows support for multiple regulations under a single framework. Not only does this approach fully support existing credit card transaction standards, it also provides significant improvements and reduced complexity in the management of human resources, costs and time.

For more information, please visit

About Nexusguard Consulting
Nexusguard Consulting is an Asian information security specialist company, delivering services that secure critical data, protect identities and help customers demonstrate ongoing compliance. Nexusguard Consulting is 100 percent product and vendor neutral. Our team of experts has 15 years of experience in the information security industry, offering customers individual, pragmatic solutions that align information security risks with organizational risks.

Our services include:

  • Information Security Assessment Services
  • Regulatory and Compliance Consulting Services
  • Computer Forensics Litigation Support Services
  • The Payment Card Industry Data Security Standard Audits

Nexusguard Consulting is a sister company of Nexusguard Limited, a separate legal entity focused on providing industry-leading internet security services, specializing particularly in DDoS mitigation. Nexusguard Consulting is headquartered in Hong Kong and has several branches across the Asia-Pacific region.

For more information, please visit

Press Contacts:
Benjamin Yip - Marketing Manager

Ivy Wu - Marketing & PR Executive

Ivy Wu
Nexusguard Limited
+886 226598958 Ext: 5124