PCI DSS, PA-DSS, and PCI P2PE Validations
Webinar Replay: PA-DSS and App Security
Security risks associated with payment applications have never been greater or more publicized. Get expert insight into PA-DSS and application penetration testing, the requirements, where they apply, how they play a role in securing payment applications and much more.
The PCI DSS applies to all entities, both service providers and merchants, that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data. Our professionals utilize the current PCI DSS including the testing methodology, prioritized approach, quality assurance standards, and other reporting procedures set forth by the PCI Council.
A PA-DSS validation ensures payment authorization security. The standards for authorization are maintained by the PCI Security Standards Council. A PA-DSS Qualified Security Assessor, Schellman provides a thorough payment application review so you can be sure your technology is PA-DSS compliant. Testing can occur either on-site or from one of Schellman's laboratories.
P2PE makes payment card data unreadable — and less valuable — until it reaches a secure decryption environment. Protect your company and your customers' data with a P2PE Qualified Security Assessor like Schellman. Our experts provide your company with validation of its secure hardware-based point-to-point encryption solutions. Schellman provides both QSA and PA-QSA P2PE services.
PCI DSS Requirement 11.2.2 requires merchants and service providers to perform quarterly external vulnerability scans by an approved vendor. Schellman’s ASV Unified Scan service can deliver the required scans and provide actionable data for organizations.
Our experts can help you make the most out of your payment card assessment by providing scoping assessments, readiness assessments, and on-site validations.
Schellman will conduct interviews and review network, data flow documentation, and configuration information to help the client determine where cardholder data may exist. Additionally, they will review network diagrams and configurations to identify segmentation utilized to reduce the scope of an assessment, and document and confirm the scope for a subsequent PCI annual on-site validation.
Schellman will evaluate proposed architectures for alignment with the PCI and perform a high-level review of key controls in place. They will identify gaps and provide feedback on common “problem areas” for PCI including encryption, application development, logging, and policy management.
Schellman will conduct a thorough assessment against the current PCI DSS based on a defined testing methodology and quality assurance standards. They will issue a formal Report on Compliance (ROC) and Attestation of Compliance (AOC) for PCI assessments and Reports of Validation (ROV) and Attestations of Validation (AOV) for PA-DSS and P2PE engagements.
Our Schellman teams have experience performing hundreds of PCI validations.
We’re here to answer any questions.