Can you afford to lose 4% of your revenue?

The penalties for non-compliance are eye watering. Infringement on certain articles of PCI DSS and GDPR carry fines of up to 4 per cent (each) of your total global revenue. Let us help you to stay safe.

Yes, I can No, I can't


Let us reduce your audit scope by using tokens

Storing tokens instead of PANs or personal data is one alternative that can help to reduce the amount of sensitive data in your environment, potentially reducing your effort to stay compliant. Our 366-product line is custom made for different verticals compliance needs. Please contact us and we will tell you more on how we can make your life a bit easier.

366-product line

  • 366 Booking
  • 366 Payment
  • 366 GDPR
  • 366 Tokenization


Security services

Compliance is a continuous process. It can be a tedious task for you to handle on your own since the requirements constantly change, and it’s a full-time job just to stay updated. If your organisation needs to validate its compliance with PCI DSS or you need help to get ready for the new GDPR rules, please contact us.

366 SECOM can help you with:

# PCI Qualified Security Assessor (QSA)

# PCI DSS GAP analysis

# Vulnerability Scanning

# ASV scan as a Service (SaaS ASV)

# Penetration (pen) tests

# Train developers in secure development methods

# Hardening of operating systems, databases and applications

# Safety policies and procedures

# Safety regulations regarding access and operations

# Safety Design of your environment and services


  • Qualified Security Assessors

    As an independent security organization, we are Qualified Security Assessor (QSA) and have been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS. The PCI council was founded in 2006 by American Express, Discover, JCB International, Master Card and Visa Inc. The share equally in governance and execution of the Council’s work.
    PCI council

    Qualified Security Assessors
  • Safe and secure

    With our Tokenization Service there is no sensitive data to steal in case of an attack. Our service handles your sensitive data in a highly secure PCI DSS-certified infrastructure, encrypted in a database and then link it to an alias, often called a token. The token has no value and you never store credit card, personal data or any other sensitive data in your system.

    Safe and secure
  • 366 SECOM

    We help business with cyber security and compliance.
    Our suite of products and services helps business secure their sensitive and confidential data and comply with regulatory requirements such as PCI DSS and GDPR. Our dedicated team are committed to protect data and reduce risks.
    Highly motivated hackers, compliance requirements, corporate data breaches, and the need for businesses to secure sensitive data have made companies aware that security is a must have.

    366 SECOM

    The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes.


Contact Us

Our contact info

Headquarter, Sweden

366 Security and Compliance AB
Visting address: Hammarby Kaj 18, 120 30, Stockholm, Sweden
Phone: +46-(0)8-535 24 100

Local office, Rome

Address: Via Rubicone 18, 00198 Rome, Italy
Phone: +39-06 6228 3868

Local office, Warsaw

Address: ul. Kazimierzowska 43/64, 02-572 Warszawa, Poland
Phone: +48-69 5109 552

Local office, Athens

Address: Solonos #140, Athens 10677 Greece
Phone: +30-69 4483 84 83