

LEARN MORE ABOUT OUR PA-DSS SERVICES!

The Standard
The Payment Application Data Security Standard [PA-DSS] is a set of requirements derived from the PCI DSS and the PCI DSS audit procedures to provide vendors with PCI DSS-aligned software development, implementation and operating guidelines. Depending on the card scheme organisations' regional security programme requirements, compliance with this standard is mandatory or optional for payment application vendors.

The PA-DSS includes requirements for sensitive data storage and protection, access control and logging functionality, secure software design and development, security documentation, the ability to operate in secure network architectures, as well as other critical protective measures. These comprehensive requirements are intended to help application customers proactively protect their customer account data and achieve alignment with PCI DSS by using certified applications. The PA-DSS is grouped into fourteen requirement sections addressing about 40 single requirements. The requirements focus on the application-specific issues of the six main sections of PCI DSS, which are:

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy

PA-DSS applies to every vendor offering payment applications to banks, processors, payment service providers or merchants who use the application to store, process, or transmit cardholder or transaction data on their own or on behalf of one of the other entities through this payment application.

Services
With its PA-DSS Assessment services, Acertigo provides a comprehensive set of services to assist software vendors in achieving compliance with the Payment Application Data Security Standard requirements. The proven Acertigo methodology for rendering these services is separated into different stages. During these stages, Acertigo provides the vendor with services that allow the vendor to achieve compliance in an efficient and timely manner. These stages are:

  • Pre-Compliance Review
    During this stage, Acertigo provides knowledge and understanding of the requirements of the PA-DSS. In workshops and interviews together with the responsible staff members, gaps regarding the control objectives are identified and necessary remediation activities are defined.
  • Remediation Advisory and Consultancy
    During this stage, Acertigo assists the vendor in remediation work to close the identified gaps. Commonly identified gaps are non-aligned key management and encryption methods, storage of sensitive authentication data, lack of audit trails, and inadequate remote access control.
  • Readiness Review
    Acertigo auditors conduct an onsite review according to the PA-DSS audit procedures together with the responsible staff of the customer. This review addresses development processes and procedures, logical security, documentation, and security management.