Security risks associated with payment applications have never been greater or more publicized. Get expert insight into PA-DSS and application penetration testing, the requirements, where they apply, how they play a role in securing payment applications and much more.
PCI DSS VALIDATION
The PCI DSS applies to all entities, both service providers and merchants, that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data. Our professionals utilize the current PCI DSS including the testing methodology, prioritized approach, quality assurance standards, and other reporting procedures set forth by the PCI Council.
A PA-DSS validation ensures payment authorization security. The standards for authorization are maintained by the PCI Security Standards Council. A PA-DSS Qualified Security Assessor, Schellman provides a thorough payment application review so you can be sure your technology is PA-DSS compliant. Testing can occur both on-site or from one of Schellman's laboratories.
P2PE makes payment card data unreadable — and less valuable — until it reaches a secure decryption environment. Protect your company and your customers' data with a P2PE Qualified Security Assessor like Schellman. Our experts provide your company with validation of its secure hardware-based point-to-point encryption solutions. Schellman provides both QSA and PA-QSA P2PE services.
PCI DSS Requirement 11.2.2 requires merchants and service providers to perform quarterly external vulnerability scans by an approved vendor. Schellman’s ASV Unified Scan service can deliver the required scans and provide actionable data for organizations.
Our experts can help you make the most out of your payment card assessment by providing scoping assessments, readiness assessments, and on-site validations
SCOPING ASSESSMENT
Schellman will conduct interviews and review network, data flow documentation, and configuration information to help the client determine where cardholder data may exist. Additionally they will review network diagrams and configurations to identify segmentation utilized to reduce the scope of an assessment and document and confirm the scope for a subsequent PCI annual on-site validation.
READINESS ASSESSMENT
Schellman will evaluate proposed architectures for alignment with the PCI and perform a high-level review of key controls in place. They will identify gaps and provide feedback on common “problem areas” for PCI including encryption, application development, logging, and policy management.
ANNUAL ON-SITE VALIDATION
Schellman will conduct a thorough assessment against the current PCI DSS based on a defined testing methodology and quality assurance standards.They will issue a formal Report on Compliance (ROC) and Attestation of Compliance (AOC) for PCI assessments and Reports of Validation (ROV) and Attestations of Validation (AOV) for PA-DSS and P2PE enagements.
TALK WITH ONE OF
OUR SPECIALISTS
Our Schellman teams have experience performing hundreds of PCI validations. We’re here to answer any questions.
